top of page

How to Securely Connect ServiceM8 to Power BI Using RequestRocket

  • Writer: RequestRocket
    RequestRocket
  • Dec 29, 2025
  • 3 min read

Live Data, Zero Exposure to API Keys

Integrating ServiceM8 with Power BI directly can be tricky. Power BI’s native connectors don’t support OAuth or API key types that can refresh automatically from the Power BI Service. That means hard-coding secrets in your queries or using external staging layers that are expensive or hard to maintain.


RequestRocket replaces lets Power BI use simple Basic authentication while RequestRocket handles any other API authentication behind the scenes. The result is live ServiceM8 reporting with strong security guarantees.


This tutorial shows exactly how to set it up.


What You’ll Achieve


After following these steps:

  • Power BI will refresh live ServiceM8 data on a schedule

  • No ServiceM8 API key is ever stored or visible in Power BI

  • Client credentials can be revoked or limited at any time

  • All API traffic is logged and auditable

Let’s dive into the steps.


Prerequisites


Before starting, make sure you have:

  • A ServiceM8 account and API key

  • A RequestRocket account

  • Power BI Desktop (or Power BI Service) ready to publish dashboards


Step 1 — Set Up a RequestRocket Account


Start by creating a RequestRocket account for the organisation whose ServiceM8 data you want to report on.

This will be the container in which:

  • The ServiceM8 API key is stored securely

  • Proxy credentials are managed

  • Access rules and audit logging are enforced

This separation also helps maintain ownership boundaries between clients.



Step 2 — Create a Target Credential for the ServiceM8 Key


In RequestRocket’s dashboard:

  1. Navigate to Target Credentials → New

  2. Choose Auth: API Key

  3. Enter the ServiceM8 API key with key name X-API-KEY

This credential is stored encrypted and used only by RequestRocket to authenticate to ServiceM8. The API key is never exposed or embedded in client reports. This establishes a zero-trust authentication boundary.


Step 3 — Create Proxy Credentials


Next, define credentials that Power BI or any other consumer will use:

  1. Go to Proxy Credentials → New

  2. Set Auth: Basic

  3. Generate or enter a username and password

These are the only credentials Power BI will ever need. They are distinct from the ServiceM8 API key and can be rotated or revoked independently.


Step 4 — Configure a RequestRocket Authentication Proxy


Now tie everything together:

  1. Go to Proxies → New

  2. Choose the Proxy Credential (from Step 3)

  3. Select the Target (ServiceM8 API)

  4. Choose the Target Credential (from Step 2)

  5. Enable and save

This proxy will act as the intermediary:

  • Accept requests authenticated with Basic credentials

  • Forward them to ServiceM8 using the stored API key

  • Enforces rules you might set on access

  • Logs metadata for every request for auditing

You can see every call being made and control what is allowed.


Once created your Proxy will be assigned a unique URL that you can use with the Proxy Credential that you have configured.


Step 5 — Connect Power BI to RequestRocket


In Power BI Desktop:

  1. Open the Power BI Template Report

  2. Use the Proxy URL returned by RequestRocket

  3. Configure Basic Authentication, entering the proxy username and password

Because RequestRocket handles the real API authentication behind the scenes, Power BI doesn’t need the ServiceM8 API key or any advanced auth flows. The proxy appears just like a Basic Auth endpoint to Power BI.


Step 6 — Bring in Data Securely


With this proxy in place you can call any allowed ServiceM8 endpoint.

  • Make API calls through the proxy URL

  • The ServiceM8 credential is used by the proxy

  • All calls are logged and auditable

This enables secure programmatic downloads without ever handling the client’s secret.



Why This Pattern Matters


Zero Trust Security

The ServiceM8 API key is stored only once, encrypted and secure.


Strong Access Control

Clients can revoke or rotate access without redeploying reports.


Full Observability

Every request is logged, timestamped, and attributable.


Fine-Grained Permissions

Proxies can be limited to specific endpoints.


Simple Power BI Integration

Basic Auth works natively in Power BI, avoiding complicated OAuth or token refresh logic that Power BI does not support natively in the Service.

This is how secure enterprise API integrations should be built — live, controlled, and auditable.


ServiceM8 to Power BI - Summary


Power BI or script→ authenticates with RequestRocket (Basic)→ RequestRocket proxies and authenticates upstream to ServiceM8→ data flows securely, live to your dashboards


No secrets in code.

No exposed keys in reports.

No risk of credential leakage.

Comments

bottom of page