Getting error while calling Fabric REST API's
While testing Fabric API's with POSTMAN, For Get Call, getting below error
https://api.fabric.microsoft.com/v1/workspaces/****
Error:
"errorCode": "InsufficientPrivileges", "message": "The caller does not have sufficient permissions to access the requested resource",
For Update Git API-POST call, getting below error https://api.fabric.microsoft.com/v1/workspaces/****/git/updateFromGit
Error:
"errorCode": "PrincipalTypeNotSupported", "message": "The operation is not supported for the principal type"
Service Principal
The error "The caller does not have sufficient permissions to access the requested resource" usually occurs if the Microsoft Entra ID application does not have proper permissions or role to call the API.
To resolve the error, you need to add Microsoft Entra ID application/Service Principal as Admin or contributor to the workspace:
Grant below API permission:
Generate access token:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:
client_secret: xxx
scope: https://api.fabric.microsoft.com/.default
grant_type: client_credentials
I am able to call the API successfully:
GET https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}
Note that: The Update From Git API cannot be called using client credential flow. That is this API doesn't not support Service principal or managed identity. Refer this MsDoc
Hence you are getting the error "PrincipalTypeNotSupported" as you are generating access token from client credential flow and calling the API.
Hence to resolve the error, you need to switch to any user interactive flow and grant delegated API permission Workspace.GitUpdate.All to the Microsoft Entra ID application.
- For sample, make use of Authorization code flow as detailed in this SO Thread by me.
- You cannot use Service Principals due to API restrictions, but you can automate the process by using User-based Authentication once (via OAuth 2.0), and then store and use the access token in your Azure DevOps Pipeline for subsequent API calls.
- Store the user access token securely. Use this token for subsequent automated API calls within the Azure DevOps pipeline.
- You can also refresh the access token by implementing a script to refresh the access token before it expires.
- "Schema" property not found in Postgres Connector
- Downloading file from Azure blob storage via Memory Stream
- Reading env variable from template.yaml
- HTTP Error 500.30 - ASP.NET Core app failed to start - Azure
- Azure DevOps Pipelines: TerraformTaskV4: init with different subscription and Workflow Identity Federation
- Enabling HTTPS for a Azure blob static website
- How to search across many Azure Devops Git project and find all files which contain specific text AND which filename contains "Resource"
- Hosting SPA with Static Website option on Azure Blob Storage (clean URLs and Deep links)
- Using Managed Identity to Access Azure OpenAI Service
- Azure data factory not loading
- Transfer encrypted dataprotection keys from a windows vm to azure keyvault
- Refresh powerBI data with additional column
- Azure Application Insights AKS - How to Create 1 custom alert rule which will trigger multiple alerts, but with different names (per pod name)?
- gRPC and REST side by side in Azure App Service, Linux Container
- Connecting to a SignalR WSS stream but not getting the response i am looking for
- SignalR prevent user from opening multiple sessions in different tabs
- Application Insights -_logger.LogInformation
- CosmosDB is not allowing serverless capabalities to NoSQL, it says I must use CapacityMode
- Azure Webapp / Website Swap : HTTP Ping Error
- Microsoft Graph API - Update phoneMethods is no longer working
- Use Azure Key Vault secret in Header section of Web Activity
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How do I save and later load Azure AnalyzeResult object in python?
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure ADF - HTTP : Table from list
- Self hosted azure devops build agent not getting tool from $PATH
- Azure devops pipeline stages template nesting
- Azure APIM is returning the incorrect HTTP response error when call is missing mandatory querystring parameter
- Azure DevOps build pipeline logid for a specific task - dynamically
- PS script to fetch the list non-compliance resource list with respect to policy from multiple subscriptions