Imagine effortlessly automating your workflows and driving efficiency with minimal effort in Microsoft Fabric.
With Fabric REST APIs, your developers can now focus on supporting critical business use cases instead of mundane tasks. Unleash the power of automation and watch as your team transforms the way you interact with data and applications.
Ready to revolutionise your automation game? Take the leap and experience the magic of Fabric REST API today!
Introduction
Microsoft Fabric is an end-to-end analytics and data platform designed for enterprises requiring an unified all-in-one solution. Microsoft Fabric caters various workloads including data engineering, data science, real-time workloads and many more. By utilising Microsoft Fabric APIs, developers are able to automate various components within Fabric for reliability and improved productivity. Using Fabric APIs, developers, individuals and teams can make direct changes to Fabric including a specific Fabric item, e.g. Data Pipeline. The benefits include:
- Automation:
- Repeated procedures and processes can be automated to increase overall productivity for developers, data teams, engineers, analyst, etc.
- Ensuring consistent and repeatable behaviour during deployments as compared to manual deployment where an operator/engineer may accidently miss a step.
- Integration:
- Integrate with multiple Fabric items to meet specific needs and end-to-end use case(s).
The recent announcement on Fabric REST APIs supporting service principals allow greater secure automation to deploy Fabric infrastructure and configure them. Other identity types are also supported: managed identity and user based identity. In this article, I will walk through a simple Fabric API example: create workspace using the service principal identity approach. Note that, this approach generally applies across all the Fabric REST APIs. The only difference between each of the APIs would be the payload and parameter supplied.
High-level Flow
On a high-level, to work with the Fabric REST API the process consist of obtaining an access token and then passing this time-bound access token to the Fabric REST API call. Depending on the API, a payload may also be needed. Above is a diagram showcasing the flow with a service principal identity based approach.
Creating the App Registration
As a starter, an app registration needs to be created with appropriate API permissions assigned as per the Fabric REST API documentation. Typically, an app registration (often referred as to the service principal) is created by the IT department / Azure administrator.
Through the Fabric REST API create workspaces official documentation, we can identify the supported identity types an the required scopes. In this case, service principal is supported and a delegated scope of ‘Workspace.ReadWrite.All’ is required.
To assign this scope navigate to your app registration:
App registration in Microsoft Entra -> API Permission -> Add a permission -> Power BI Service -> Delegated permission -> Select ‘Workspace.ReadWrite.All’ -> Add permissions
Note that, if a delegated permission mentions Admin consent required = ‘Yes’, it is important the specific API permission is granted the Admin consent. This usually is done by the IT department / Azure administrator. Once granted, you should see a green tick. In our case, this is not required.
Next, we need to create a client secret by navigating to the ‘Certificates & secrets’ tab:
Select a suitable time period for the secret expiry and press ‘Add’. Make a note of this client secret as it will not be visible again if you navigate away. Store them securely as you would with any passwords.
Note that the app registration secret expires after a certain time period. Therefore, managing the creation of new secrets and updating secrets in any existing API calls may need to be considered when building a full end-to-end use case.
Next, depending on your Fabric Tenant Settings, you may need to add the service principal to a security group. This can only be done by an Fabric admin and the below page only shows up if you are a Fabric administrator.
Obtaining an Access Token
Obtaining an access token can be done in several ways. In this article I will perform a call to the Microsoft OAuth 2.0 Authorisation endpoint. I made this call using Postman, but this approach can also be applied in a programmatic POST method. Note that, depending on the programming language, rather than going for the POST based approach, an azure identity library may exists (e.g. in Python: azure-identity). The tenant ID can be obtained through the Azure Portal / Azure CLI. The final POST URL endpoint is:
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
The request body should contain the following:
- grant_type = client_credentials
- client_id = <client id of the SP>
- client_secret = <client secret of the SP>
- scope = https://api.fabric.microsoft.com/.default
The response of this request will give you back an access token (starting with ‘ey…’) that you can utilise for the Fabric REST API call.
Fabric Capacity Configuration
Remember we are trying to add a workspace to a specific capacity. We still require adding the service principal to the capacity. Navigate the admin portal and select your preferred option in the ‘Contributor permissions’. It is recommended to add the service principal to a group and then add the group in the 'Specific user or groups' option:
The Final Call
Now we are ready to make a call to the Fabric REST API – create workspace:
POST https://api.fabric.microsoft.com/v1/workspaces
When reading through the official documentation, the request body requires few things to be constructed:
- displayName = the name of the workspace
- capacityID = the ID of the Fabric capacity that the workspace will be assigned to
- description = as the name implies some description about the workspace
I found that the easiest way to get the capacity id was by navigating to the:
Fabric home page -> Settings icon -> Admin portal -> Capacity settings -> Select the capacity -> Look at the URL link and get the ID after the /capacities/
e.g.:
https://app.fabric.microsoft.com/admin-portal/capacities/<capacity-id>?experience=power-bi
Finally, we can call the Fabric REST API – in our case using Postman. Ensure in the 'Authorization' tab, the type is set to 'Bearer Token' and the value inside the 'Token' field is the access token. E.g.:
And finally we get:
The status code 201 indicates the workspace was created. Note that, if you cannot see the workspace in Fabric homepage, it means that you as a user have not been assigned to the workspace. You can assign yourself using this API: add workspace role assignment.
Conclusion and Caveats
In this article, we looked at an example of the create workspace Fabric REST API. Other Fabric REST APIs follow the same structure with differences in the payloads and parameters passed to the API. When exploring further, be aware of the following:
- Long running operations: in some APIs you will need to poll for the status and finally get the response back.
- Limits and throttling: when making a number of API calls in a short time span consider how it affects the throttling behaviour.
- Pagination: When getting a large list with multiple items, pagination is used for efficiency and performance. For example, you will need to use a continuationUri and continutionUrl to get the next x number of items within a list, i.e. navigating the page.
- Preview: Some of the Fabric REST APIs are still in preview which may not be suitable for production workloads.
Ready to level up your Automation? Visit our website for more resources, or contact us to see how we can help you streamline your data processes and create efficient, scalable solutions.
*Disclaimer: The blog post image was generated by AI and does not depict any real person, place, or event.
