Editar

Compartir a través de


Identity support

Microsoft Fabric REST APIs are designed for making changes to Fabric. To make these changes, you need to allow the API to sign in to Fabric. This article explains the different types of identities you use to authenticate when accessing the Fabric service.

  • User - A Microsoft Entra user. The user is required to have the API's specified scopes to access the Fabric service.

  • Service principal - A service principal is an entity that's used to run an application or service. Service principals can be used to authenticate and authorize applications to access resources in Fabric.

  • Managed identity - A managed identity provides an automatically managed identity in Microsoft Entra ID for applications, without needing to manage credentials. Your API can use managed identities to authenticate when it's logging into Fabric.

Service principals and managed identities support

This section discusses Fabric REST API support for service principals and managed identities.

Service principal tenant setting

To use service principals and managed identities with Fabric REST APIs, you need to enable the Service principals can use Fabric APIs tenant setting. To enable the setting you need to be a Fabric administrator. If you don't have the Fabric administrator role, contact a Fabric administrator in your organization, to enable the setting.

Screenshot showing the tenant switch: service user can use public APIs tenant.

Supported APIs

Each API's reference page lists whether the API supports service principals and managed identities. When using APIs, consider whether the API call relies on other APIs or items that don't support the calling identity. In such cases, your call will fail.

Unsupported API example

When calling the Items - Create Item API that supports service principals and managed identities, if you try to create a data warehouse that doesn't support service principals and managed identities, the API call fails.

Unsupported item example

When calling the Job Scheduler - Run On Demand Item Job API that supports service principals and managed identities, if you pass a notebook jobType that doesn't support service principals and managed identities, the API call fails.