Skip to main content

Time to read: 4 minutes

Postman is a valuable tool for working with APIs, especially when testing and ad hoc requests outside of an automated production solution. In terms of where a Power BI developer might find Postman useful, it falls somewhere in between «Try it» from the documentation functionality and a more production-worthy solution that incorporates tools such as Azure DevOps, Logic Apps / Power Automate, a custom Power BI connector, and more.

The ideas in this publication extend a original post by Carl de Souza. Carl shows how to get an OAuth2 access token, but he does it with hard-coded values. Additional API requests use the token from the original response, but you also manually provide this token to subsequent API calls.

The following steps assume that you are already familiar with the basics of both Postman and the Power BI API. Sign up for a Power BI Azure Active Directory app if you don't already have one, and you should also have the appropriate scope defined for your desired tasks.

Add variables

Extension of the Postman technique to use variables instead of hard-coded values, it makes the effort more automatic and convenient. In particular, when passing the access token to a variable for reuse in other API requests, a manual copy paste »[token]” is removed each time a new request is made after a previous token expires.

Ultimately, the goal is to provide an access token to any Power BI REST API request without having to manually put the authorization token in the request. Achieving this relies on a session variable (called temp_access_token in this case as seen in the screenshot).


To obtain this result, the first step is to create a new Environment in Postman. Then add five variables to replace the hard-coded values seen in Carl's original post. I've used environment variables so I can use them across multiple collections, but narrowing the scope to collection variables would work too.


Four variables are used in the request body to get the access token from These are just local session variables (specify Current value but do do not add sensitive data to Initial value).
1) Username - Organizational Power BI user
2) password - Power BI organization password
3) Customer identification - Your ID Azure Active Directory application
4) client_secret - Secret of your Azure Active Directory application

NOTE: Postman does not currently have a way to protect, hide, or mask variable values. After working with Microsoft products like Azure Key Vault, you feel so vulnerable just storing a password in a variable. However, for use with the grant type of OAuth = password, session variables are a step up from encoding them in the body of a request. This is especially true if you are using Postman for teams and your workspace is in sync. Just keeping this data in Current value, at least it stays local.


The fifth variable, temp_access_token, is not specified manually like the other four. Instead you will use code in the Postman Tests tab to write the access token to that variable. Tests it is an area for placing JavaScript code that is executed after the request occurs.

Get a Token

The initial API request gets the access token used in subsequent calls.

Add a new one Send application

for Headers, add:

Key = Content-Type
Value = application / x-www-form-urlencoded

for Body, which includes the variable values inside {{}}, add:

grant_type = password & username = {{username}} & password = {{password}} & client_id = {{client_id}} & client_secret = {{client_secret}} & resource = https: //

What follows is the most useful part. The code here saves you from having to manually copy and paste the bearer token in additional requests.

In Tests, add:

var token; try {
    var response = JSON.parse (responseBody); 
    token = response.access_token; 
    pm.environment.set ("temp_access_token", token);
} catch (err) {console.warn (err.message); }

The code used in Tests parses the JSON response and assigns the access_token provided by Microsoft to the temp_access_token variable.


A successful request will show the access_token and other data.


It will also write the access token to the appropriate variable.

Use the token in subsequent requests

Additional requests will depend on what you want to do with the Power BI API. However, the common step will involve passing the authorization header with the token stored as a variable.

for Headers, add:

Key = Authorization Value = Bearer {{temp_access_token}}

For example, I can use this setting to expand all workspace data in my tenant using the management / groups endpoint. I just need the dynamic authorization method, url and header. No manual copy / paste required.


You could even extend this method to include additional variables for relative endpoint URLs and more!

If you have any questions, comment below and let me know if you use Postman and find this method helpful.


Payment links

As an Amazon Associate, I earn on qualifying purchases.