You can use Power Automate to call Power BI REST APIs using an HTTP action with Azure Active Directory (Azure AD) application and Active Directory OAuth details.
This article explains how to register the application and fill out the HTTP action's fields, including Active Directory OAuth's requirements with the appropriate information to invoke a Power BI REST API.
Register an Azure AD application to use with Power BI
The first step is to register an Azure AD application to establish permissions for Power BI REST resources and allows access to the Power BI REST APIs. There are two ways to register the Azure AD application for Power BI:
As I mentioned, option 1 does not work now, and you need to use option 2.
Power BI embedding environment has two solutions:
Embed for your customers
Embed for your organization
if you need more info about the difference between the above solutions, click here.
Select your solution and follow the steps (I selected Embed for your organization); for more details on registering an Azure AD application for the Power BI embed, click here.
Note: Before registering a Power BI app, you need an Azure Active Directory tenant and an organizational user.
Step 1 is easy, you need to sign in to the Power BI, and then in step 2 you need to complete some fields (I completed the step 2 field as follows):
And you can skip steps 3 and 4. After you have followed these steps, you will find your application details on the right side of the page, which you must use to set up the HTTP action on the Power Automate, so copy and paste those codes on a word document or a note file for future reference.
Azure AD app's permissions
Now that the Azure AD application has been registered, follow these steps to modify or add the app's permissions:
Sign in to the Azure portal.
Select your Azure AD tenant by selecting your account in the upper right corner of the page.
Select Azure Active Directory.
Select App registrations.
Select All applications, and click on your app.
From the left, under Manage, select API permissions.
Select Add permission.
Select Delegated permissions. A list of APIs is displayed.
Expand the API you want to add permissions to and select the permissions you want to add to it (I selected all APIs 😊)
Select Add permissions.
In the end, click on Grant Admin consent for
Getting started with the Azure AD app (service principal) in Power BI Service
After updating the Azure AD app's permissions, you need to perform the following actions on the Power BI service to be able to use this application in the Power Automate flow:
Enable service principals to use Power BI APIs:
To grant the Azure AD app access to the Power BI content and APIs, the admin needs to enable service principal on the Power BI admin portal. Go to Tenant settings on the Admin portal, and add the security group you created in Azure AD to the specific security group section in the Developer settings.
2. Add the Azure AD app (your service principal) as a workspace member
Set HTTP Action on Power Automate
To use the HTTP action on Power Automate, you need to complete a few fields; To begin, click on the Show advance option on the HTTP action:
Then you can see all fields that need to be completed to invoke a Power BI REST API:
By using the HTTP action in Power Automate, we can invoke/call an API by using 5 different methods:
GET = read
PUT = update
POST = write
PATCH = update (but only partially)
DELETE = remove
The appropriate method for each Power BI Rest API operation can be found on the Microsoft Documentation page for that operation.
URIs are identifiers of resources that work across the Web. A URI consists of a scheme (such as HTTP and HTTPS), a host (such as www.example.org), and a port number followed by a path with one or more segments (such as /users/1234), and a query string.
You can find the URI of each Power BI Rest API operation on the Microsoft Documentation page for that operation.
There are five authentication options in the authentication field, and you need to select Active Directory OAuth to use the Power BI App and invoke a Rest API.
4- Authentication fields
There are six fields in Active Directory OAuth which need to be filled out in order to complete the HTTP action setup:
Authority: This field is optional, so that you can leave it blank Tenant: You can find your Tenant ID on the Azure portal. Sign in and Select Active Directory →App Registration → Find your App and click on it → Click on the Overview On the Overview tab, you can find your Tenant and Client IDs
Audience: in this field, copy and paste this: https://analysis.windows.net/powerbi/api
Client ID: same as Tenant ID; you can find it on Azure Portal, or you can use your saved application details (Click Here)
Credential Type: this field has two options, Secret and Certificate; select the Secret on this field.
Secret: use the Application Secret that you have saved at the end of creating the Power BI embedding environment (Click Here)