Question

What is the process for updating key credentials of a Databricks data source via the Power BI REST API?

I want to programmatically update the authentication credentials for a Databricks data source in Power BI using the Power BI REST API. What are the necessary steps to achieve this, including API authentication, request payload structure, and security considerations? Are there any limitations or best practices I should be aware of when managing credentials through the API?

Answer 1

Updating Databricks Credentials in Power BI via REST API

Updating authentication credentials for a Databricks data source in Power BI using the Power BI REST API requires proper authentication, API requests, and security considerations. Below is the step-by-step process.

---

Prerequisites

• Power BI Admin Access to update data sources.
• Databricks credentials (PAT token or OAuth).
• Power BI REST API permissions granted in Azure AD.
• Registered Azure AD App with appropriate API permissions (Dataset.ReadWrite.All).

---

 Steps to Update Databricks Credentials

Step 1: Get Power BI API Access Token

Before making API calls, obtain an OAuth token using Azure AD:

• Request Token (using Microsoft Identity Platform)

  POST https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
  Content-Type: application/x-www-form-urlencoded
  
  client_id={client_id}
  client_secret={client_secret}
  grant_type=client_credentials
  scope=https://graph.microsoft.com/.default

• Extract Access Token from the response and include it in API requests.

---

Step 2: Get the Databricks Data Source ID

• Retrieve all datasets and find the Databricks data source ID.

GET https://api.powerbi.com/v1.0/myorg/datasets
Authorization: Bearer {access_token}

• Locate the correct dataset and extract the datasourceId for Databricks.

---

Step 3: Update Databricks Credentials

• Use the Power BI REST API to update credentials.

PATCH https://api.powerbi.com/v1.0/myorg/gateways/{gatewayId}/datasources/{datasourceId}
Authorization: Bearer {access_token}
Content-Type: application/json

{
  "credentialDetails": {
    "credentialType": "Basic",
    "credentials": "{\"username\":\"your_databricks_user\",\"password\":\"your_pat_token\"}",
    "encryptedConnection": "Encrypted",
    "privacyLevel": "Organizational"
  }
}

• Alternative for OAuth Authentication:
  Replace "credentialType": "Basic" with "OAuth2" and provide OAuth tokens.

---

Security Considerations & Best Practices

Use Secure Storage for Credentials

• Store Databricks tokens securely in Azure Key Vault instead of hardcoding them.

Rotate Tokens Regularly

• Databricks PAT tokens expire, so automate credential rotation via a scheduled script.

Check Power BI API Rate Limits

• The Power BI REST API has request limits (e.g., 200 requests per hour per user).

 Use Power BI Data Gateway if Required

• If connecting via an on-premises gateway, update credentials using the Gateway API.