...
Cons:
-Limited actions, i.e user can only read and interact with report but cannot make edits even if they are authorized
-User have to click “Sign In” before accessing the report
CORS Headers
One thing we have to pay attention to when trying to embed the content is to see if the power BI CORS headers allow for cross site requests. After investigating with Fiddler, it was found that with the embedded report the request is sent out with origin ‘http://app.powerbi.com ’ , and the response contains ‘http://app.powerbi.com ’ in its ‘Access-control-allow-origin’ header. This should mean that we won’t run into any issues with CORS.
...
Embed the report using an API
...
Cons:
-Authentication/authorization is handled on our side, which means alot more configuration and maintenance. We also need cloud team assistance when setting the ‘Api permissions' within our app registration, this has proven to cause delays in the past.
Conclusion
I suggest that we would should use option 1 “Directly embed the report” , due to it’s ease of implementation and low code approach. Given that our current requirements are just for the user to view a report, it seems like overkill to integrate the API for additional feature that we do not need. Furthermore directly embedding the report means that we do not have to worry about BI token management or setting up API permissions on the cloud level.
...