Rename Power BI dataflow using Power BI REST API - 401 Unauthorised

Question

I would like to use Python to rename dataflows in our Power BI tenancy using the Power BI API endpoint update dataflow , but I am receiving an authorisation error.

Following the Microsoft guidance I have:

• Create an Azure app
• Granted the Dataflow.ReadWrite.All permissions
• Added the service principal to a security group
• Updated the Power BI tenancy settings to allow the new security group to run Power BI APIs
• Granted access to the workspace to the security group and service principal

When I run the code below I receive <Response [401]> , however similar code I have written for other end points such as get dataflow or refresh dataflow work fine. If I remove all the Power BI API permissions from the Azure app it is still able to run the get and refresh calls. It is like the code is using the user permissions for the workspace and not picking up the app permissions.

Any help is greatly appreciated.

Thanks

Python

import adal
import requests

TENANT_ID = "abc-123"
CLIENT_ID = "def-456"
CLIENT_SECRET = "ghi-789"
WORKSPACE_ID = "jkl-987"
DATAFLOW_ID = "mno-654"

authority_url = "https://login.microsoftonline.com/"+TENANT_ID

context = adal.AuthenticationContext(authority_url)

token = context.acquire_token_with_client_credentials(
    resource="https://analysis.windows.net/powerbi/api",
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET,
)

access_token = token.get("accessToken")
token_type = token.get("tokenType")

tokenString = "{} {}".format(token_type, access_token)

header = {"Authorization": tokenString}

newName = "This is a new name"
body = {"name": newName}

refresh_url = "https://api.powerbi.com/v1.0/myorg/groups/{}/dataflows/{}".format(WORKSPACE_ID, DATAFLOW_ID) #get all meta for specific dataflow

r = requests.patch(url=refresh_url, headers=header, json = body)

print(r)

Answer 1

According to the description you provided in comments, it seems you have enabled MFA. So when you use username/password flow, it will be blocked.

So you can just use auth code flow to get access token. You need to use the method acquire_token_with_authorization_code(authorization_code, redirect_uri, resource, client_id, client_secret=None, code_verifier=None) . I think you know all of the parameters in method except authorization_code . You can refer to this document to know how to get it.

Request the url with the parameters follow the url, it will redirect to the redirect uri which you specified in the request and follow a parameter named code=... . The value of code is authorization_code .

Here I provide my request sampel(use auth code flow) for your reference:

I request the url: https://login.microsoftonline.com/xxxxx/oauth2/v2.0/authorize?client_id=xxxxx&response_type=code&redirect_uri=https://hurytest&response_mode=query&scope=https://graph.microsoft.com/.default&state=12345&nonce=67890

It will ask me to login. After login, it will redirect to the uri https://hurytest/ with code following.

The code is authorization code . You can use the code to do next step.

By the way, please pay attention to the scope and resource of the request. I use v2.0 endpoint in my sample, so I use scope instead of resource , but I noticed you use resource in your code(v1.0 endpoint use resource ).