Technical setup scenarios
This article provides an overview of four typical technical scenarios to create the right setup to suit your organization's requirements.
In general please note that delta data needs to passes through an API that encrypts and transfers it directly to your SQL database.
The API does not store or cache any data.
You have two options:
Multitenant API (hosted in Azure). This is the default method and does not require any setup.
Self-hosted API (which you install within your own environment)
Regardless of the option you choose, all data is encrypted end-to-end until it reaches the database.
With the Self-hosted API, you can define your own encryption key, offering greater control over security.
In theory, the Self-hosted API is the most secure solution, but it requires some installation and light maintenance on your part.
Most of our customers prefer the Multitenant API, as it is still highly secure and more convenient to use.
It's also important to note:
Only the data you write is transferred, and
Only delta values (changes) are sent through the API.
Your data model remains within your Power BI environment.
Data and password encryption:
Data will be encrypted on both the client-side interface and the API. This means that any data sent back to the API will be encrypted before it's transmitted. To make sure only the API can read the data, a private/public key pair will be used for encryption.
This same method will also be applied to handle password values in the configuration. Only the API will be able to decrypt and access the password.
This means that after the password is entered it will not be saved in the PBIX file or other places. Only the new encrypted key is used for extended security.
For the self-hosted API option, customers can use their own private/public key pair for encryption.