Power BI Desktop: Connect to the PhishingBox API (api-token + JSON)
The following guide details a quick, copy‑pasteable walkthrough for setting up an API connection that sends api-token: <token> and Content-Type: application/json in Power BI Desktop.
- Prerequisites
- Method A — “Get Data → Web” (Advanced)
- Method B — Power Query (M) with custom headers
- Optional — Store your token in a Parameter
- Shaping & Expanding JSON
- Troubleshooting
Prerequisites
- Power BI Desktop (current version)
- Main API base URL:
https://api.phishingbox.com/api/v2/ - A valid API token for the
api-tokenheader
Tip: Test with curl first. Example (replace <TOKEN>):
curl -H "api-token: <TOKEN>" -H "Content-Type: application/json" https://api.phishingbox.com/api/v2/account/get
Method A — “Get Data → Web” (Advanced)
- Open Power BI Desktop → Home → Get Data → Web.
- Click Advanced.
- Put your full API URL into URL parts (for example:
https://api.phishingbox.com/api/v2/test/all). - Under HTTP request header parameters add the two headers:
-
Key:
api-token -
Value:
<YOUR_TOKEN> -
Key:
Content-Type -
Value:
application/json
-
Key:
- Click OK. If prompted about credentials, choose Anonymous (headers handle auth).
Note: Put the exact header name
api-token — it is case sensitive on some servers.
Method B — Power Query (M) with custom headers
Use the Advanced Editor for full control. Below is a template you can paste and update.
- Go to Home → Transform Data → Advanced Editor.
- Paste and edit this template — it calls the PhishingBox API base URL and includes both required headers:
let
url = "https://api.phishingbox.com/api/v2/test/all", // change path as needed
token = "YOUR_API_TOKEN_HERE",
headers = [
#"api-token" = token,
#"Content-Type" = "application/json",
#"Accept" = "application/json"
],
options = [
Headers = headers,
Timeout = #duration(0,0,2,0) // 2 minutes
],
response = Web.Contents(url, options),
json = Json.Document(response)
in
json
Privacy Levels: If prompted, set the data source to Organizational or as appropriate. Mismatched privacy levels can block queries.
Optional — Store your token in a Parameter
- In Power Query, go to Manage Parameters → New Parameter.
- Name it
apiToken, Type: Text, Suggested Values: Any value. - Update the M code to use it:
let
url = "https://api.phishingbox.com/api/v2/tes",
token = apiToken,
headers = [
#"api-token" = token,
#"Content-Type" = "application/json"
],
response = Web.Contents(url, [ Headers = headers ]),
json = Json.Document(response)
in
json
Why use a Parameter? Easier rotation of tokens, and you can mark it as Sensitive so it’s not shown in plain text in UI.
Shaping & Expanding JSON
After loading JSON, use Power Query’s UI:
- To Table → Expand columns
- Rename fields, change data types, and remove unwanted columns
- Close & Apply to load into the data model
Troubleshooting
-
401/403 Unauthorized: Verify the
api-tokenvalue and ensure the token has the necessary API scopes. -
Incorrect content-type: Make sure
Content-Type: application/jsonis included when sending JSON payloads. -
CORS / 3xx / 5xx: If you see unexpected redirects or errors, test with
curl -vto inspect headers. -
Timeouts: Increase
TimeoutinWeb.Contentsoptions. -
Pagination: Your API may return pages. Implement loops with
List.Generateor supplyQueryoptions likepage/limit.
// Example adding query params
Web.Contents(
"https://api.phishingbox.com/api/v2/test/all",
[ Headers = [#"api-token" = token, #"Content-Type" = "application/json"],
Query = [ page = "1", limit = "100" ]
])