Power BI embedded report

Owned by Jugraj Rahal (Unlicensed)
Last updated: May 23, 2023
2 min read

Purpose

The purpose of this investigation was to identify a way to embed a Power BI report into the ROFS web app. The potential routes are as follows ; 1. Directly embed the report 2.Embed the report using an API

 

Findings
Directly embed the report:

Embed a report in a secure portal or website - Power BI

Power BI has a built in option to embed a report into a website. This option generates a ‘iFrame’ html component, with the desired report set as the ‘src’ property. This is supposed to be a low code solution to enable users to access a report, but with limitations.

Pros:
-Very lightweight, small coding change required
-Authentication is handled by report owner, nothing for us to manage
-Can add things URL filters to enable pre-filtering on the reports

Cons:
-Limited actions, i.e user can only read and interact with report but cannot make edits even if they are authorized
-User have to click “Sign In” before accessing the report

CORS Headers

One thing we have to pay attention to when trying to embed the content is to see if the power BI CORS headers allow for cross site requests. After investigating with Fiddler, it was found that with the embedded report the request is sent out with origin ‘http://app.powerbi.com ’ , and the response contains ‘http://app.powerbi.com ’ in its ‘Access-control-allow-origin’ header. This should mean that we won’t run into any issues with CORS.

 

Embed the report using an API

Power BI REST APIs for embedded analytics and automation - Power BI REST API

Power BI has a REST API that can be consumed for a multitude of uses , including working with reports. Although the setup is more heavy than the low code embed option, it allows users to do alot more.

Pros:
-Extensive capabilities, allows users to do almost anything that they can do directly from the PowerBI page, including editing reports.
-Smoother sign on experience, users wont have to click “Sign in” on the PowerBi report

Cons:
-Authentication/authorization is handled on our side, which means alot more configuration and maintenance. We also need cloud team assistance when setting the ‘Api permissions' within our app registration, this has proven to cause delays in the past.

 

Conclusion

I suggest that we would should use option 1 “Directly embed the report” , due to it’s ease of implementation and low code approach. Given that our current requirements are just for the user to view a report, it seems like overkill to integrate the API for additional feature that we do not need. Furthermore directly embedding the report means that we do not have to worry about BI token management or setting up API permissions on the cloud level.