Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
amaaiia
Contributor III

Get workspace components git status through API call

โ€Ž09-25-2025 01:01 AM

Hi,

I'm trying to get workspace components git status calling GET https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/git/status (https://learn.microsoft.com/es-es/rest/api/fabric/core/git/get-status).

 

I use de "Try it" tab in the official page, and using my user token, it works. However, I need it to do with service principal authentication. Doc says Workspace.GitUpdate.All is enough: 

amaaiia_0-1758786737190.png


I've added this API permission to my registered APP. 

 

However, I call the API and I get a 400 bad request error: 

amaaiia_1-1758786905434.png

If I change the token and I set my personal account token, it works. The issue is happening when I put registered APP token. 

 

I get the token with: 

{ "method": "POST", "headers": { "Content-Type": "application/x-www-form-urlencoded" }, "body": "grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>&scope=  https://analysis.windows.net/powerbi/api/.default " } 

 

I've used this token also for other API calls such us:  

https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/{element_type}
And it works, so I gess the token is correct for the scope of Fabric. I don't know why I'm getting a 400 bad request response.
 
Thanks.

 

 

Message 1 of 9
349 Views
0
8 REPLIES 8
tayloramy
Contributor

โ€Ž09-25-2025 09:02 PM

Hi @amaaiia

 

Does the sersvicce principal have contributor or higher on the workspaces? These permissions are different from the delegated permissions in my experience. 

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution. 

Message 2 of 9
299 Views
amaaiia
Contributor III
In response to tayloramy

โ€Ž09-29-2025 06:22 AM

Contributor role on the workspace

Message 3 of 9
232 Views
0
tayloramy
Contributor
In response to amaaiia

โ€Ž09-29-2025 07:44 AM

Hi @amaaiia

 

Can you show me the exact POST request that you're sending? A 400 error usually means that your request is incorrect. Microsoft's APIs are particularly picky when it comes to the parameters and body.  

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution. 

Message 4 of 9
230 Views
0
amaaiia
Contributor III
In response to tayloramy

โ€Ž09-29-2025 08:04 AM

The POST request should be ok because if I change the Bearer token with a token of my personal account, I get 200 OK:

amaaiia_4-1759158246332.png

 

If I use service principal token, then I get 400:

amaaiia_3-1759158193676.png

 

But the POST request is the same.

Message 5 of 9
227 Views
0
tayloramy
Contributor
In response to amaaiia

โ€Ž09-29-2025 08:20 AM

@amaaiia Thanks for the info, so something is up with the service principal. 

 

How are you generating the bearer token? 

Can toy also confirm what delegated permissions the service principal has? 
Here's my function for generating the bearer token using the MSAL library

def get_access_token():
    app = ConfidentialClientApplication(
        CLIENT_ID,
        authority=AUTHORITY,
        client_credential=CLIENT_SECRET,
    )
    result = app.acquire_token_for_client(scopes=SCOPE)
    
    if 'access_token' in result:
        return result['access_token']
    else:
        error = result.get('error', 'No error information')
        error_description = result.get('error_description', 'No description')
        raise Exception(f"Could not obtain access token. Error: {error}. Description: {error_description}")

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution. 

Message 6 of 9
222 Views
amaaiia
Contributor III
In response to tayloramy

โ€Ž09-30-2025 04:54 AM

I get the token with: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token

{ "method": "POST", "headers": { "Content-Type": "application/x-www-form-urlencoded" }, "body": "grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>&scope=  https://analysis.windows.net/powerbi/api/.default " } 

 

And it works because I'm using it for other Fabric API calls such us: https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/{element_type}

 

These are API permissions, doc says GitUpdate is enough:

amaaiia_0-1759233244584.png

 

Message 7 of 9
188 Views
0
tayloramy
Contributor
In response to amaaiia

โ€Ž09-30-2025 09:36 AM

Hi @amaaiia

 

It looks like you're doing everything right. I'd recommend opening a ticket with Microsoft at this point. 

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.  

Message 8 of 9
182 Views
0
v-sdhruv
Honored Contributor

โ€Ž10-01-2025 03:33 AM

Hi @amaaiia ,

I hope you were successfully able to raise the support ticket.
If you have any issues, please let us know.
Thank You

Message 9 of 9
168 Views
0

Helpful resources

Announcements
View All
Users online (11,088)