A minimal Node backend that returns Power BI embed tokens for a React client using
powerbi-client-react.
TENANT_ID=your-azure-tenant-id
CLIENT_ID=your-service-principal-client-id
CLIENT_SECRET=your-service-principal-client-secret
WORKSPACE_ID=your-powerbi-workspace-id
REPORT_ID=your-powerbi-report-id
PORT=3000npm install express dotenvnode app.jscurl http://localhost:3000/embed-tokenResponse
{ "embedToken": "...", "embedUrl": "...", "reportId": "..." }- Create a confidential app (record Tenant ID and Client ID). (creates service principal used by the server)
- Add a client secret or certificate and save its value. (used for client credentials auth)
- Add Power BI Service API permissions and click "Grant admin consent". (allows app to call Power BI APIs)
- Ensure "Service principals can call Fabric public APIs" or "Allow service principals to use Power BI APIs" is enabled. (lets apps use Power BI REST)
- If restricting by groups, add the app's service principal to the allowed security group. (limits which apps can call APIs)
- Open the target workspace → Access → Add → enter the service principal (app) and assign Admin.
- Set TENANT_ID, CLIENT_ID, CLIENT_SECRET, WORKSPACE_ID, REPORT_ID, PORT. (required by the Node server)
- Start server with
node app.jsand call/embed-token;withcurl http://localhost:3000/embed-token
- Report.Read.All — read reports (needed to get embedUrl).
- Dataset.Read.All — read datasets (needed if report uses datasets).
Important — apply admin consent for all permissions
- After you add the required API permissions in Azure AD, click "Grant admin consent for " to apply tenant-wide admin consent for all configured permissions.