User Guide Getting Started Help Center Documentation Community Training
Looker
  
English
Français
Deutsch
日本語
ApiAuth : API Authentication

Login

POST/api/3.0/login
login(client_id, client_secret)

Implementation Notes

Present client credentials to obtain an authorization token.

Looker API implements the OAuth2 Resource Owner Password Credentials Grant pattern. The client credentials required for this login must be obtained by creating an API3 key on a user account in the Looker Admin console. The API3 key consists of a public client_id and a private client_secret.

The access token returned by login must be used in the HTTP Authorization header of subsequent API requests, like this:

Authorization: token 4QDkCyCtZzYgj4C2p2cj3csJH7zqS5RzKs2kTnG4

Replace “4QDkCy…” with the access_token value returned by login. The word token is a string literal and must be included exactly as shown.

This function can accept client_id and client_secret parameters as URL query params or as www-form-urlencoded params in the body of the HTTP request. Since there is a small risk that URL parameters may be visible to intermediate nodes on the network route (proxies, routers, etc), passing credentials in the body of the request is considered more secure than URL params.

Example of passing credentials in the HTTP request body:

POST HTTP /login
Content-Type: application/x-www-form-urlencoded

client_id=CGc9B7v7J48dQSJvxxx&client_secret=nNVS9cSS3xNpSC9JdsBvvvvv

Best Practice:

Always pass credentials in body params. Pass credentials in URL query params only when you cannot pass body params due to application, tool, or other limitations.

For more information and detailed examples of Looker API authorization, see How to Authenticate to Looker API3.

Response Class

AccessToken {
access_token (string, read-only): Access Token used for API calls,
token_type (string, read-only): Type of Token,
expires_in (long, read-only): Number of seconds before the token expires
}

Parameters

Parameter Required? Description Parameter Type Data Type
client_id false client_id part of API3 Key. string string
client_secret false client_secret part of API3 Key. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Login user

POST/api/3.0/login/{user_id}
login_user(user_id)

Implementation Notes

Create an access token for a given user.

This can only be called by an authenticated admin user. It allows that admin to generate a new authentication token for the user with the given user id. That token can then be used for subsequent API calls - which are then performed as that target user.

The target user does not need to have a pre-existing API client_id/client_secret pair. And, no such credentials are created by this call.

This allows for building systems where api user authentication for an arbitrary number of users is done outside of Looker and funneled through a single ‘service account’ with admin permissions. Note that a new access token is generated on each call. If target users are going to be making numerous API calls in a short period then it is wise to cache this authentication token rather than call this before each of those API calls.

See ‘login’ for more detail on the access token and how to use it.

Response Class

AccessToken {
access_token (string, read-only): Access Token used for API calls,
token_type (string, read-only): Type of Token,
expires_in (long, read-only): Number of seconds before the token expires
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user. integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Logout

DELETE/api/3.0/logout
logout()

Implementation Notes

Logout of the API and invalidate the current access token.

Response Class

  None

Parameters

  None

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Logged out successfully. string
Top