Articles in this section

Connect API with Power BI

Power BI Desktop: Connect to the PhishingBox API (api-token + JSON)

The following guide details a quick, copy‑pasteable walkthrough for setting up an API connection that sends api-token: <token> and Content-Type: application/json in Power BI Desktop.

  1. Prerequisites
  2. Method A — “Get Data → Web” (Advanced)
  3. Method B — Power Query (M) with custom headers
  4. Optional — Store your token in a Parameter
  5. Shaping & Expanding JSON
  6. Troubleshooting

 

Prerequisites

  • Power BI Desktop (current version)
  • Main API base URL: https://api.phishingbox.com/api/v2/
  • A valid API token for the api-token header

Tip: Test with curl first. Example (replace <TOKEN>):

curl -H "api-token: <TOKEN>" -H "Content-Type: application/json" https://api.phishingbox.com/api/v2/account/get

 

Method A — “Get Data → Web” (Advanced)

  1. Open Power BI Desktop → Home → Get Data → Web.
    powerbi-1.png
  2. Click Advanced.
  3. Put your full API URL into URL parts (for example: https://api.phishingbox.com/api/v2/test/all).
  4. Under HTTP request header parameters add the two headers:
    • Key: api-token
    • Value: <YOUR_TOKEN>
    • Key: Content-Type
    • Value: application/json
    • powerbi-2.png
  5. Click OK. If prompted about credentials, choose Anonymous (headers handle auth).
Note: Put the exact header name api-token — it is case sensitive on some servers.

 

 

 

Method B — Power Query (M) with custom headers

Use the Advanced Editor for full control. Below is a template you can paste and update.

  1. Go to Home → Transform Data → Advanced Editor.
  2. Paste and edit this template — it calls the PhishingBox API base URL and includes both required headers:
let
    url = "https://api.phishingbox.com/api/v2/test/all",   // change path as needed
    token = "YOUR_API_TOKEN_HERE",
    headers = [
        #"api-token" = token,
        #"Content-Type" = "application/json",
        #"Accept" = "application/json"
    ],
    options = [
        Headers = headers,
        Timeout = #duration(0,0,2,0)  // 2 minutes
    ],
    response = Web.Contents(url, options),
    json = Json.Document(response)
in
    json
Privacy Levels: If prompted, set the data source to Organizational or as appropriate. Mismatched privacy levels can block queries.

 

Optional — Store your token in a Parameter

  1. In Power Query, go to Manage Parameters → New Parameter.
  2. Name it apiToken, Type: Text, Suggested Values: Any value.
  3. Update the M code to use it:
let
    url = "https://api.phishingbox.com/api/v2/tes",
    token = apiToken,
    headers = [
        #"api-token" = token,
        #"Content-Type" = "application/json"
    ],
    response = Web.Contents(url, [ Headers = headers ]),
    json = Json.Document(response)
in
    json
Why use a Parameter? Easier rotation of tokens, and you can mark it as Sensitive so it’s not shown in plain text in UI.

 

Shaping & Expanding JSON

After loading JSON, use Power Query’s UI:

  • To Table → Expand columns
  • Rename fields, change data types, and remove unwanted columns
  • Close & Apply to load into the data model

 

Troubleshooting

  • 401/403 Unauthorized: Verify the api-token value and ensure the token has the necessary API scopes.
  • Incorrect content-type: Make sure Content-Type: application/json is included when sending JSON payloads.
  • CORS / 3xx / 5xx: If you see unexpected redirects or errors, test with curl -v to inspect headers.
  • Timeouts: Increase Timeout in Web.Contents options.
  • Pagination: Your API may return pages. Implement loops with List.Generate or supply Query options like page/limit.
// Example adding query params
Web.Contents(
  "https://api.phishingbox.com/api/v2/test/all",
  [ Headers = [#"api-token" = token, #"Content-Type" = "application/json"],
    Query = [ page = "1", limit = "100" ]
  ])

Made for quick onboarding to PhishingBox API. Paste, modify, connect. 🚀

Was this article helpful?
0 out of 0 found this helpful