User Guide Getting Started Help Center Documentation Community Training
Looker
Looker API Authentication

To do anything with the Looker API you’ll first need to authenticate to it. The steps you’ll need to take depend on whether or not you’re using an SDK.

Authentication with a SDK (recommended)

  1. Create API3 credentials on the Users page in the Admin section of your Looker instance. If you’re not a Looker Admin, ask your Looker Admin to create the API3 credentials for you.

    API3 credentials are always bound to a Looker user account. API requests execute “as” the user associated with the API3 credentials. Calls to the API will only return data that the user is allowed to see, and modify only what the user is allowed to modify.

  2. The API3 credentials that you generated include a client ID and a client secret. You’ll need to provide these to the SDK. The instructions for doing so can be found in the SDK documentation.

The SDK will then take care of obtaining the necessary access tokens and inserting them into all subsequent API requests.

Authentication Without a SDK

  1. Create API3 credentials on the Users page in the Admin section of your Looker instance. If you’re not a Looker Admin, ask your Looker Admin to create the API3 credentials for you.

    API3 credentials are always bound to a Looker user account. API requests execute “as” the user associated with the API3 credentials. Calls to the API will only return data that the user is allowed to see, and modify only what the user is allowed to modify.

  2. Obtain a short-term, OAuth 2.0 access token by calling the login endpoint of the API. You’ll need to provide the API3 credentials that you generated in step 1, which includes a client ID and a client secret.

  3. Place that access token into the HTTP authorization header of Looker API requests. An example Looker API request with an authorization header might look like this:

    GET /api/3.0/user HTTP/1.1
    Host: test.looker.com
    Date: Wed, 19 Oct 2016 12:34:56 -0700
    Authorization: token mt6Xc8jJC9GfJzKBQ5SqFZTZRVX8KY6k49TMPS8F
    

The OAuth 2.0 access token can be used on multiple API requests, until the access token expires or is invalidated by calling the logout endpoint. API requests using an expired access token will fail with a 401 Authorization Required HTTP response.

API Interaction with User Login Settings

Looker API authentication is completely independent of Looker user login. User authentication protocols such as one-time passcodes (OTP, 2FA) and directory authentication (LDAP, SAML, etc) do not apply to Looker API authentication.

Managing API Credentials

HTTPS Authentication

Even if you’re using a client SDK to take care of the authentication details for you, you may still be curious about how Looker API authentication works. For low-level details about authentication, see How to Authenticate to the Looker API on GitHub.

Top