Microsoft Power Bi - Nango Docs

Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

API gotchas

Pre-built tooling

✅ Authorization

Tools	Status
Pre-built authorization (OAuth)	✅
Credentials auto-refresh	✅
Auth parameters validation	✅
Pre-built authorization UI	✅
Custom authorization UI	✅
Expired credentials detection	✅

✅ Read & write data

Tools	Status
Pre-built integrations	🚫 (time to contribute: <48h)
API unification	✅
2-way sync	✅
Webhooks from Nango on data modifications	✅
Real-time webhooks from 3rd-party API	🚫 (time to contribute: <48h)
Proxy requests	✅

✅ Observability & data quality

Tools	Status
HTTP request logging	✅
End-to-type type safety	✅
Data runtime validation	✅
OpenTelemetry export	✅
Slack alerts on errors	✅
Integration status API	✅

✅ Customization

Tools	Status
Create or customize use-cases	✅
Pre-configured pagination	🚫 (time to contribute: <48h)
Pre-configured rate-limit handling	🚫 (time to contribute: <48h)
Per-customer configurations	✅

Pre-built integrations

No pre-built integration yet (time to contribute: <48h)

Not seeing the integration you need? Build your own independently.

Access requirements

Pre-Requisites	Status	Comment
Paid dev account	✅ Not required	Free, self-signup for a Microsoft account and Azure account.
Paid test account	✅ Not required	Free Microsoft account can be used for testing.
Partnership	✅ Not required
App review	⚠️ Conditional	Required only if you want to publish your app to the Microsoft commercial marketplace or if your app needs admin consent for certain permissions.
Security audit	✅ Not required

Setup guide

Create a Microsoft account and Azure account

If you don’t already have them, sign up for a Microsoft account and an Azure account.

Sign in to the Microsoft Entra admin center as at least an Application Developer.
If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application.
From the search bar at the top of the Azure portal, search for App registrations and select it. Then choose New registration. Or from your left navigation tab, navigate to Applications > App registrations then choose New registration.
Enter a meaningful name for your application, for example “Nango Integration”.
Under Supported account types, select the appropriate option based on your needs:
- Accounts in this organizational directory only - For single-tenant apps for use only by users in your tenant.
- Accounts in any organizational directory - For multitenant apps that you want users in any Microsoft Entra tenant to be able to use.
- Accounts in any organizational directory and personal Microsoft accounts - For multitenant apps that support both organizational and personal Microsoft accounts.
- Personal Microsoft accounts - For apps used only by personal Microsoft accounts.
Leave the Redirect URI section blank for now; we’ll configure it in a later step.
Click Register to complete the app registration.

Note your application (client) ID

After registration, you’ll be taken to the application’s Overview page. Record the Application (client) ID, which uniquely identifies your application and is used in your application’s code as part of validating security tokens.

Add a redirect URI

In the left sidebar, select Authentication.
Under Platform configurations, select Add a platform.
Select Web as the platform type.
Enter https://api.nango.dev/oauth/callback as the Redirect URI.
Under Implicit grant and hybrid flows, check the boxes for Access tokens and ID tokens if your application needs them.
Under Advanced settings, set Allow public client flows to No for web applications.
Click Configure to save your changes.

Add API permissions

In the left sidebar, select API permissions.
Click Add a permission.
Select Power BI Service to integrate with Microsoft Power Bi.
Choose the type of permissions:
- Delegated permissions - Your app accesses the API as the signed-in user.
- Application permissions - Your app accesses the API directly without a signed-in user.
Select the specific permissions your app requires, Please refer to the table below for some of the commonly used scopes.
Click Add permissions.
If your application requires admin consent, click Grant admin consent for [tenant] to pre-authorize the permissions.

Create a client secret

In the left sidebar, select Certificates & secrets.
Under Client secrets, click New client secret.
Enter a description for the secret and select an expiration period (6 months, 12 months, 24 months, or custom).
Click Add.
Important: Copy the secret value immediately and store it securely. You won’t be able to see it again after you leave this page.

Configure token settings (optional)

In the left sidebar, select Token configuration.
Here you can configure optional claims to be included in the ID and access tokens issued to your application.
Click Add optional claim if you need to include additional information in your tokens.

Configure app visibility (optional)

If you want users to see your app on their My Apps page:

From the search bar at the top of the Azure portal, search for Enterprise applications, select it, and then choose your app.
On the Properties page, set Visible to users? to Yes.

Follow the Quickstart.

Useful links

Topic	Links
General	Microsoft Entra Admin Center
	Azure Portal
	Microsoft Graph Explorer
Developer	Microsoft identity platform documentation
	Microsoft Graph API Overview
	How to register an Application
	OAuth 2.0 Authorization Code Flow
	Microsoft Graph Permissions Reference
	Microsoft Authentication Libraries (MSAL)
	Microsoft Graph API Reference
	Microsoft Graph Throttling Guidance
	Redirect URI Best Practices

Contribute useful links by editing this page

Common Scopes

Scope	Description
`Dataset.Read.All`	Read all datasets the user has access to
`Dataset.ReadWrite.All`	Read and write all datasets the user has access to
`Report.Read.All`	Read all reports the user has access to
`Report.ReadWrite.All`	Read and write all reports the user has access to
`Dashboard.Read.All`	Read all dashboards the user has access to
`Dashboard.ReadWrite.All`	Read and write all dashboards the user has access to
`Workspace.Read.All`	Read all workspaces the user has access to
`Workspace.ReadWrite.All`	Read and write all workspaces the user has access to
`Capacity.Read.All`	Read all capacities the user has access to
`Tenant.Read.All`	Read tenant-level metadata for Power BI
`Dataflow.Read.All`	Read all dataflows the user has access to
`Dataflow.ReadWrite.All`	Read and write all dataflows the user has access to
`App.Read.All`	Read all apps the user has access to
`App.ReadWrite.All`	Read and write all apps the user has access to
`offline_access`	Access to refresh tokens for offline access
`User.Read.All`	Read user profiles in the organization

API gotchas

You can find permissions required for each API call in their corresponding API methods section, i.e, to get a dashboard in Microsoft Power Bi, you can have a look at Get Dashboard permission.

Make sure you request the offline_access scope to get a refresh token and keep access with your integration.
Microsoft offers a tool that allows you to construct and perform Graph API queries and see their response for any apps on which you have an admin, developer, or tester role. For more information you can check Microsoft Graph Explorer.
Please be aware that the Microsoft Graph API implements throttling to manage the volume of requests. For more information on handling throttling, refer to the Microsoft Graph Throttling Guidance.
Microsoft Graph API has different versions (v1.0 and beta). The v1.0 endpoint is for production use, while the beta endpoint contains features that are still in preview.
When requesting permissions that require admin consent, users without admin privileges will not be able to complete the OAuth flow unless an admin has pre-authorized the permissions.
For multitenant applications, you may need to handle tenant-specific endpoints and permissions.
You can set the .default scope documentation to ensure the permissions remain the same as those granted at the organization level.
The .default scope can’t be combined with the scopes registered in the Azure portal. So either just use the .default scope or remove it to list out explicit parameters that are required. If you attempt to combine them you’ll receive the following error

.default scope can't be combined with resource-specific scopes

If you require a user to reauthenticate and force them to accept scopes that have been updated or changed you can force a prompt via the authorization_params:

const { data } = await nango.createConnectSession({
  [...],
  integrations_config_defaults: {
    "<provider-name>": {
      authorization_params: {
        "prompt": "consent"
      }
    }
  }
});

Contribute API gotchas by editing this page

On this page

Overview
Pre-built tooling
Pre-built integrations
Access requirements
Setup guide
Useful links
Common Scopes
API gotchas

Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

API gotchas

Pre-built tooling

✅ Authorization

Tools	Status
Pre-built authorization (OAuth)	✅
Credentials auto-refresh	✅
Auth parameters validation	✅
Pre-built authorization UI	✅
Custom authorization UI	✅
Expired credentials detection	✅

✅ Read & write data

Tools	Status
Pre-built integrations	🚫 (time to contribute: <48h)
API unification	✅
2-way sync	✅
Webhooks from Nango on data modifications	✅
Real-time webhooks from 3rd-party API	🚫 (time to contribute: <48h)
Proxy requests	✅

✅ Observability & data quality

Tools	Status
HTTP request logging	✅
End-to-type type safety	✅
Data runtime validation	✅
OpenTelemetry export	✅
Slack alerts on errors	✅
Integration status API	✅

✅ Customization

Tools	Status
Create or customize use-cases	✅
Pre-configured pagination	🚫 (time to contribute: <48h)
Pre-configured rate-limit handling	🚫 (time to contribute: <48h)
Per-customer configurations	✅

Pre-built integrations

No pre-built integration yet (time to contribute: <48h)

Not seeing the integration you need? Build your own independently.

Access requirements

Pre-Requisites	Status	Comment
Paid dev account	✅ Not required	Free, self-signup for a Microsoft account and Azure account.
Paid test account	✅ Not required	Free Microsoft account can be used for testing.
Partnership	✅ Not required
App review	⚠️ Conditional	Required only if you want to publish your app to the Microsoft commercial marketplace or if your app needs admin consent for certain permissions.
Security audit	✅ Not required

Setup guide

Create a Microsoft account and Azure account

If you don’t already have them, sign up for a Microsoft account and an Azure account.

Sign in to the Microsoft Entra admin center as at least an Application Developer.
If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application.
From the search bar at the top of the Azure portal, search for App registrations and select it. Then choose New registration. Or from your left navigation tab, navigate to Applications > App registrations then choose New registration.
Enter a meaningful name for your application, for example “Nango Integration”.
Under Supported account types, select the appropriate option based on your needs:
- Accounts in this organizational directory only - For single-tenant apps for use only by users in your tenant.
- Accounts in any organizational directory - For multitenant apps that you want users in any Microsoft Entra tenant to be able to use.
- Accounts in any organizational directory and personal Microsoft accounts - For multitenant apps that support both organizational and personal Microsoft accounts.
- Personal Microsoft accounts - For apps used only by personal Microsoft accounts.
Leave the Redirect URI section blank for now; we’ll configure it in a later step.
Click Register to complete the app registration.

Note your application (client) ID

Add a redirect URI

In the left sidebar, select Authentication.
Under Platform configurations, select Add a platform.
Select Web as the platform type.
Enter https://api.nango.dev/oauth/callback as the Redirect URI.
Under Implicit grant and hybrid flows, check the boxes for Access tokens and ID tokens if your application needs them.
Under Advanced settings, set Allow public client flows to No for web applications.
Click Configure to save your changes.

Add API permissions

In the left sidebar, select API permissions.
Click Add a permission.
Select Power BI Service to integrate with Microsoft Power Bi.
Choose the type of permissions:
- Delegated permissions - Your app accesses the API as the signed-in user.
- Application permissions - Your app accesses the API directly without a signed-in user.
Select the specific permissions your app requires, Please refer to the table below for some of the commonly used scopes.
Click Add permissions.
If your application requires admin consent, click Grant admin consent for [tenant] to pre-authorize the permissions.

Create a client secret

In the left sidebar, select Certificates & secrets.
Under Client secrets, click New client secret.
Enter a description for the secret and select an expiration period (6 months, 12 months, 24 months, or custom).
Click Add.
Important: Copy the secret value immediately and store it securely. You won’t be able to see it again after you leave this page.

Configure token settings (optional)

In the left sidebar, select Token configuration.
Here you can configure optional claims to be included in the ID and access tokens issued to your application.
Click Add optional claim if you need to include additional information in your tokens.

Configure app visibility (optional)

If you want users to see your app on their My Apps page:

From the search bar at the top of the Azure portal, search for Enterprise applications, select it, and then choose your app.
On the Properties page, set Visible to users? to Yes.

Follow the Quickstart.

Useful links

Topic	Links
General	Microsoft Entra Admin Center
	Azure Portal
	Microsoft Graph Explorer
Developer	Microsoft identity platform documentation
	Microsoft Graph API Overview
	How to register an Application
	OAuth 2.0 Authorization Code Flow
	Microsoft Graph Permissions Reference
	Microsoft Authentication Libraries (MSAL)
	Microsoft Graph API Reference
	Microsoft Graph Throttling Guidance
	Redirect URI Best Practices

Contribute useful links by editing this page

Common Scopes

Scope	Description
`Dataset.Read.All`	Read all datasets the user has access to
`Dataset.ReadWrite.All`	Read and write all datasets the user has access to
`Report.Read.All`	Read all reports the user has access to
`Report.ReadWrite.All`	Read and write all reports the user has access to
`Dashboard.Read.All`	Read all dashboards the user has access to
`Dashboard.ReadWrite.All`	Read and write all dashboards the user has access to
`Workspace.Read.All`	Read all workspaces the user has access to
`Workspace.ReadWrite.All`	Read and write all workspaces the user has access to
`Capacity.Read.All`	Read all capacities the user has access to
`Tenant.Read.All`	Read tenant-level metadata for Power BI
`Dataflow.Read.All`	Read all dataflows the user has access to
`Dataflow.ReadWrite.All`	Read and write all dataflows the user has access to
`App.Read.All`	Read all apps the user has access to
`App.ReadWrite.All`	Read and write all apps the user has access to
`offline_access`	Access to refresh tokens for offline access
`User.Read.All`	Read user profiles in the organization

API gotchas

You can find permissions required for each API call in their corresponding API methods section, i.e, to get a dashboard in Microsoft Power Bi, you can have a look at Get Dashboard permission.

Make sure you request the offline_access scope to get a refresh token and keep access with your integration.
Microsoft offers a tool that allows you to construct and perform Graph API queries and see their response for any apps on which you have an admin, developer, or tester role. For more information you can check Microsoft Graph Explorer.
Please be aware that the Microsoft Graph API implements throttling to manage the volume of requests. For more information on handling throttling, refer to the Microsoft Graph Throttling Guidance.
Microsoft Graph API has different versions (v1.0 and beta). The v1.0 endpoint is for production use, while the beta endpoint contains features that are still in preview.
When requesting permissions that require admin consent, users without admin privileges will not be able to complete the OAuth flow unless an admin has pre-authorized the permissions.
For multitenant applications, you may need to handle tenant-specific endpoints and permissions.
You can set the .default scope documentation to ensure the permissions remain the same as those granted at the organization level.
The .default scope can’t be combined with the scopes registered in the Azure portal. So either just use the .default scope or remove it to list out explicit parameters that are required. If you attempt to combine them you’ll receive the following error

.default scope can't be combined with resource-specific scopes

If you require a user to reauthenticate and force them to accept scopes that have been updated or changed you can force a prompt via the authorization_params:

const { data } = await nango.createConnectSession({
  [...],
  integrations_config_defaults: {
    "<provider-name>": {
      authorization_params: {
        "prompt": "consent"
      }
    }
  }
});

Contribute API gotchas by editing this page

On this page

Overview
Pre-built tooling
Pre-built integrations
Access requirements
Setup guide
Useful links
Common Scopes
API gotchas

​Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

API gotchas

​Pre-built tooling

​Pre-built integrations

​Access requirements

​Setup guide

​Useful links

​Common Scopes

​API gotchas

​Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

API gotchas

​Pre-built tooling

​Pre-built integrations

​Access requirements

​Setup guide

​Useful links

​Common Scopes

​API gotchas

Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

Common Scopes

API gotchas

Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

Common Scopes

API gotchas