User Guide Getting Started Help Center Documentation Community Training
Looker
  
English
Français
Deutsch
日本語
User : Manage Users

Get Current User

GET/api/3.1/user
me(fields)

Implementation Notes

Get information about the current user; i.e. the user account currently calling the API.

Response Class

User {
avatar_url (string, read-only): URL for the avatar image (may be generic),
credentials_api3 (Array[CredentialsApi3], read-only): API 3 credentials,
credentials_email (CredentialsEmail, read-only): Email/Password login credentials,
credentials_embed (Array[CredentialsEmbed], read-only): Embed credentials,
credentials_google (CredentialsGoogle, read-only): Google auth credentials,
credentials_ldap (CredentialsLDAP, read-only): LDAP credentials,
credentials_looker_openid (CredentialsLookerOpenid, read-only): LookerOpenID credentials. Used for login by Looker Analysts,
credentials_oidc (CredentialsOIDC, read-only): OpenID Connect auth credentials,
credentials_saml (CredentialsSaml, read-only): Saml auth credentials,
credentials_totp (CredentialsTotp, read-only): Two-factor credentials,
display_name (string, read-only): Full name for display (available only if both first_name and last_name are set),
email (string, read-only): EMail address,
embed_group_space_id (long, read-only): (Embed only) ID of user's group space based on the external_group_id optionally specified during embed user login,
first_name (string): First name,
group_ids (Array[long], read-only): Array of ids of the groups for this user,
home_space_id (string): ID string for user's home space,
id (long, read-only): Unique Id,
is_disabled (boolean): Account has been disabled,
last_name (string): Last name,
locale (string): User's preferred locale. User locale takes precedence over Looker's system-wide default locale. Locale determines language of display strings and date and numeric formatting in API responses. Locale string must be a 2 letter language code or a combination of language code and region code: 'en' or 'en-US', for example.,
looker_versions (Array[string], read-only): Array of strings representing the Looker versions that this user has used (this only goes back as far as '3.54.0'),
models_dir_validated (boolean): User's dev workspace has been checked for presence of applicable production projects,
personal_space_id (long, read-only): ID of user's personal space,
presumed_looker_employee (boolean, read-only): User is identified as an employee of Looker,
role_ids (Array[long], read-only): Array of ids of the roles for this user,
sessions (Array[Session], read-only): Active sessions,
ui_state (object): Per user dictionary of undocumented state information owned by the Looker UI.,
verified_looker_employee (boolean, read-only): User is identified as an employee of Looker who has been verified via Looker corporate authentication,
roles_externally_managed (boolean, read-only): User's roles are managed by an external directory like SAML or LDAP and can not be changed directly.,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Get All Users

GET/api/3.1/users
all_users(fields, page, per_page, sorts, ids)

Implementation Notes

Get information about all users.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
fields false Requested fields. string string
page false Requested page. integer int64
per_page false Results per page. integer int64
sorts false Fields to sort by. string string
ids false Optional list of ids to get specific users. array array

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Create User

POST/api/3.1/users
create_user(body, fields)

Implementation Notes

Create a user with the specified information.

Response Class

User {
avatar_url (string, read-only): URL for the avatar image (may be generic),
credentials_api3 (Array[CredentialsApi3], read-only): API 3 credentials,
credentials_email (CredentialsEmail, read-only): Email/Password login credentials,
credentials_embed (Array[CredentialsEmbed], read-only): Embed credentials,
credentials_google (CredentialsGoogle, read-only): Google auth credentials,
credentials_ldap (CredentialsLDAP, read-only): LDAP credentials,
credentials_looker_openid (CredentialsLookerOpenid, read-only): LookerOpenID credentials. Used for login by Looker Analysts,
credentials_oidc (CredentialsOIDC, read-only): OpenID Connect auth credentials,
credentials_saml (CredentialsSaml, read-only): Saml auth credentials,
credentials_totp (CredentialsTotp, read-only): Two-factor credentials,
display_name (string, read-only): Full name for display (available only if both first_name and last_name are set),
email (string, read-only): EMail address,
embed_group_space_id (long, read-only): (Embed only) ID of user's group space based on the external_group_id optionally specified during embed user login,
first_name (string): First name,
group_ids (Array[long], read-only): Array of ids of the groups for this user,
home_space_id (string): ID string for user's home space,
id (long, read-only): Unique Id,
is_disabled (boolean): Account has been disabled,
last_name (string): Last name,
locale (string): User's preferred locale. User locale takes precedence over Looker's system-wide default locale. Locale determines language of display strings and date and numeric formatting in API responses. Locale string must be a 2 letter language code or a combination of language code and region code: 'en' or 'en-US', for example.,
looker_versions (Array[string], read-only): Array of strings representing the Looker versions that this user has used (this only goes back as far as '3.54.0'),
models_dir_validated (boolean): User's dev workspace has been checked for presence of applicable production projects,
personal_space_id (long, read-only): ID of user's personal space,
presumed_looker_employee (boolean, read-only): User is identified as an employee of Looker,
role_ids (Array[long], read-only): Array of ids of the roles for this user,
sessions (Array[Session], read-only): Active sessions,
ui_state (object): Per user dictionary of undocumented state information owned by the Looker UI.,
verified_looker_employee (boolean, read-only): User is identified as an employee of Looker who has been verified via Looker corporate authentication,
roles_externally_managed (boolean, read-only): User's roles are managed by an external directory like SAML or LDAP and can not be changed directly.,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
body false User body
User {
avatar_url (string, read-only): URL for the avatar image (may be generic),
credentials_api3 (Array[CredentialsApi3], read-only): API 3 credentials,
credentials_email (CredentialsEmail, read-only): Email/Password login credentials,
credentials_embed (Array[CredentialsEmbed], read-only): Embed credentials,
credentials_google (CredentialsGoogle, read-only): Google auth credentials,
credentials_ldap (CredentialsLDAP, read-only): LDAP credentials,
credentials_looker_openid (CredentialsLookerOpenid, read-only): LookerOpenID credentials. Used for login by Looker Analysts,
credentials_oidc (CredentialsOIDC, read-only): OpenID Connect auth credentials,
credentials_saml (CredentialsSaml, read-only): Saml auth credentials,
credentials_totp (CredentialsTotp, read-only): Two-factor credentials,
display_name (string, read-only): Full name for display (available only if both first_name and last_name are set),
email (string, read-only): EMail address,
embed_group_space_id (long, read-only): (Embed only) ID of user's group space based on the external_group_id optionally specified during embed user login,
first_name (string): First name,
group_ids (Array[long], read-only): Array of ids of the groups for this user,
home_space_id (string): ID string for user's home space,
id (long, read-only): Unique Id,
is_disabled (boolean): Account has been disabled,
last_name (string): Last name,
locale (string): User's preferred locale. User locale takes precedence over Looker's system-wide default locale. Locale determines language of display strings and date and numeric formatting in API responses. Locale string must be a 2 letter language code or a combination of language code and region code: 'en' or 'en-US', for example.,
looker_versions (Array[string], read-only): Array of strings representing the Looker versions that this user has used (this only goes back as far as '3.54.0'),
models_dir_validated (boolean): User's dev workspace has been checked for presence of applicable production projects,
personal_space_id (long, read-only): ID of user's personal space,
presumed_looker_employee (boolean, read-only): User is identified as an employee of Looker,
role_ids (Array[long], read-only): Array of ids of the roles for this user,
sessions (Array[Session], read-only): Active sessions,
ui_state (object): Per user dictionary of undocumented state information owned by the Looker UI.,
verified_looker_employee (boolean, read-only): User is identified as an employee of Looker who has been verified via Looker corporate authentication,
roles_externally_managed (boolean, read-only): User's roles are managed by an external directory like SAML or LDAP and can not be changed directly.,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
409 Resource Already Exists
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
422 Validation Error
ValidationError {
message (string, read-only, required): Error details,
errors (Array[ValidationErrorDetail], read-only): Error detail array,
documentation_url (string, read-only, required): Documentation link
}
ValidationErrorDetail {
field (string, read-only): Field with error,
code (string, read-only): Error code,
message (string, read-only): Error info message,
documentation_url (string, read-only, required): Documentation link
}

Search Users

GET/api/3.1/users/search
search_users(fields, page, per_page, sorts, id, first_name, last_name, verified_looker_employee, email, is_disabled, filter_or, content_metadata_id, group_id)

Implementation Notes

Search users.

Returns all* user records that match the given search criteria.

If multiple search params are given and filter_or is FALSE or not specified, search params are combined in a logical AND operation. Only rows that match all search param criteria will be returned.

If filter_or is TRUE, multiple search params are combined in a logical OR operation. Results will include rows that match any of the search criteria.

String search params use case-insensitive matching. String search params can contain % and ‘_’ as SQL LIKE pattern match wildcard expressions. example=”dan%” will match “danger” and “Danzig” but not “David” example=”D_m%” will match “Damage” and “dump”

Integer search params can accept a single value or a comma separated list of values. The multiple values will be combined under a logical OR operation - results will match at least one of the given values.

Most search params can accept “IS NULL” and “NOT NULL” as special expressions to match or exclude (respectively) rows where the column is null.

Boolean search params accept only “true” and “false” as values.

(*) Results are always filtered to the level of information the caller is permitted to view. Looker admins can see all user details; normal users in an open system can see names of other users but no details; normal users in a closed system can only see names of other users who are members of the same group as the user.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
fields false Include only these fields in the response string string
page false Return only page N of paginated results integer int64
per_page false Return N rows of data per page integer int64
sorts false Fields to sort by. string string
id false Match User Id. integer int64
first_name false Match First name. string string
last_name false Match Last name. string string
verified_looker_employee false Search for user accounts associated with Looker employees boolean boolean
email false Search for the user with this email address string string
is_disabled false Search for disabled user accounts boolean boolean
filter_or false Combine given search criteria in a boolean OR expression boolean boolean
content_metadata_id false Search for users who have access to this content_metadata item integer int64
group_id false Search for users who are direct members of this group integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Search User Names

GET/api/3.1/users/search/names/{pattern}
search_users_names(pattern, fields, page, per_page, sorts, id, first_name, last_name, verified_looker_employee, email, is_disabled)

Implementation Notes

Search for user accounts by name.

Returns all user accounts where first_name OR last_name OR email field values match a pattern. The pattern can contain % and _ wildcards as in SQL LIKE expressions.

Any additional search params will be combined into a logical AND expression.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
pattern true Pattern to match string string
fields false Include only these fields in the response string string
page false Return only page N of paginated results integer int64
per_page false Return N rows of data per page integer int64
sorts false Fields to sort by string string
id false Match User Id integer int64
first_name false Match First name string string
last_name false Match Last name string string
verified_looker_employee false Match Verified Looker employee boolean boolean
email false Match Email Address string string
is_disabled false Include or exclude disabled accounts in the results boolean boolean

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Get User by Id

GET/api/3.1/users/{user_id}
user(user_id, fields)

Implementation Notes

Get information about the user with a specific id.

If the caller is an admin or the caller is the user being specified, then full user information will be returned. Otherwise, a minimal ‘public’ variant of the user information will be returned. This contains The user name and avatar url, but no sensitive information.

Response Class

User {
avatar_url (string, read-only): URL for the avatar image (may be generic),
credentials_api3 (Array[CredentialsApi3], read-only): API 3 credentials,
credentials_email (CredentialsEmail, read-only): Email/Password login credentials,
credentials_embed (Array[CredentialsEmbed], read-only): Embed credentials,
credentials_google (CredentialsGoogle, read-only): Google auth credentials,
credentials_ldap (CredentialsLDAP, read-only): LDAP credentials,
credentials_looker_openid (CredentialsLookerOpenid, read-only): LookerOpenID credentials. Used for login by Looker Analysts,
credentials_oidc (CredentialsOIDC, read-only): OpenID Connect auth credentials,
credentials_saml (CredentialsSaml, read-only): Saml auth credentials,
credentials_totp (CredentialsTotp, read-only): Two-factor credentials,
display_name (string, read-only): Full name for display (available only if both first_name and last_name are set),
email (string, read-only): EMail address,
embed_group_space_id (long, read-only): (Embed only) ID of user's group space based on the external_group_id optionally specified during embed user login,
first_name (string): First name,
group_ids (Array[long], read-only): Array of ids of the groups for this user,
home_space_id (string): ID string for user's home space,
id (long, read-only): Unique Id,
is_disabled (boolean): Account has been disabled,
last_name (string): Last name,
locale (string): User's preferred locale. User locale takes precedence over Looker's system-wide default locale. Locale determines language of display strings and date and numeric formatting in API responses. Locale string must be a 2 letter language code or a combination of language code and region code: 'en' or 'en-US', for example.,
looker_versions (Array[string], read-only): Array of strings representing the Looker versions that this user has used (this only goes back as far as '3.54.0'),
models_dir_validated (boolean): User's dev workspace has been checked for presence of applicable production projects,
personal_space_id (long, read-only): ID of user's personal space,
presumed_looker_employee (boolean, read-only): User is identified as an employee of Looker,
role_ids (Array[long], read-only): Array of ids of the roles for this user,
sessions (Array[Session], read-only): Active sessions,
ui_state (object): Per user dictionary of undocumented state information owned by the Looker UI.,
verified_looker_employee (boolean, read-only): User is identified as an employee of Looker who has been verified via Looker corporate authentication,
roles_externally_managed (boolean, read-only): User's roles are managed by an external directory like SAML or LDAP and can not be changed directly.,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Update User

PATCH/api/3.1/users/{user_id}
update_user(user_id, body, fields)

Implementation Notes

Update information about the user with a specific id.

Response Class

User {
avatar_url (string, read-only): URL for the avatar image (may be generic),
credentials_api3 (Array[CredentialsApi3], read-only): API 3 credentials,
credentials_email (CredentialsEmail, read-only): Email/Password login credentials,
credentials_embed (Array[CredentialsEmbed], read-only): Embed credentials,
credentials_google (CredentialsGoogle, read-only): Google auth credentials,
credentials_ldap (CredentialsLDAP, read-only): LDAP credentials,
credentials_looker_openid (CredentialsLookerOpenid, read-only): LookerOpenID credentials. Used for login by Looker Analysts,
credentials_oidc (CredentialsOIDC, read-only): OpenID Connect auth credentials,
credentials_saml (CredentialsSaml, read-only): Saml auth credentials,
credentials_totp (CredentialsTotp, read-only): Two-factor credentials,
display_name (string, read-only): Full name for display (available only if both first_name and last_name are set),
email (string, read-only): EMail address,
embed_group_space_id (long, read-only): (Embed only) ID of user's group space based on the external_group_id optionally specified during embed user login,
first_name (string): First name,
group_ids (Array[long], read-only): Array of ids of the groups for this user,
home_space_id (string): ID string for user's home space,
id (long, read-only): Unique Id,
is_disabled (boolean): Account has been disabled,
last_name (string): Last name,
locale (string): User's preferred locale. User locale takes precedence over Looker's system-wide default locale. Locale determines language of display strings and date and numeric formatting in API responses. Locale string must be a 2 letter language code or a combination of language code and region code: 'en' or 'en-US', for example.,
looker_versions (Array[string], read-only): Array of strings representing the Looker versions that this user has used (this only goes back as far as '3.54.0'),
models_dir_validated (boolean): User's dev workspace has been checked for presence of applicable production projects,
personal_space_id (long, read-only): ID of user's personal space,
presumed_looker_employee (boolean, read-only): User is identified as an employee of Looker,
role_ids (Array[long], read-only): Array of ids of the roles for this user,
sessions (Array[Session], read-only): Active sessions,
ui_state (object): Per user dictionary of undocumented state information owned by the Looker UI.,
verified_looker_employee (boolean, read-only): User is identified as an employee of Looker who has been verified via Looker corporate authentication,
roles_externally_managed (boolean, read-only): User's roles are managed by an external directory like SAML or LDAP and can not be changed directly.,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
body true User body
User {
avatar_url (string, read-only): URL for the avatar image (may be generic),
credentials_api3 (Array[CredentialsApi3], read-only): API 3 credentials,
credentials_email (CredentialsEmail, read-only): Email/Password login credentials,
credentials_embed (Array[CredentialsEmbed], read-only): Embed credentials,
credentials_google (CredentialsGoogle, read-only): Google auth credentials,
credentials_ldap (CredentialsLDAP, read-only): LDAP credentials,
credentials_looker_openid (CredentialsLookerOpenid, read-only): LookerOpenID credentials. Used for login by Looker Analysts,
credentials_oidc (CredentialsOIDC, read-only): OpenID Connect auth credentials,
credentials_saml (CredentialsSaml, read-only): Saml auth credentials,
credentials_totp (CredentialsTotp, read-only): Two-factor credentials,
display_name (string, read-only): Full name for display (available only if both first_name and last_name are set),
email (string, read-only): EMail address,
embed_group_space_id (long, read-only): (Embed only) ID of user's group space based on the external_group_id optionally specified during embed user login,
first_name (string): First name,
group_ids (Array[long], read-only): Array of ids of the groups for this user,
home_space_id (string): ID string for user's home space,
id (long, read-only): Unique Id,
is_disabled (boolean): Account has been disabled,
last_name (string): Last name,
locale (string): User's preferred locale. User locale takes precedence over Looker's system-wide default locale. Locale determines language of display strings and date and numeric formatting in API responses. Locale string must be a 2 letter language code or a combination of language code and region code: 'en' or 'en-US', for example.,
looker_versions (Array[string], read-only): Array of strings representing the Looker versions that this user has used (this only goes back as far as '3.54.0'),
models_dir_validated (boolean): User's dev workspace has been checked for presence of applicable production projects,
personal_space_id (long, read-only): ID of user's personal space,
presumed_looker_employee (boolean, read-only): User is identified as an employee of Looker,
role_ids (Array[long], read-only): Array of ids of the roles for this user,
sessions (Array[Session], read-only): Active sessions,
ui_state (object): Per user dictionary of undocumented state information owned by the Looker UI.,
verified_looker_employee (boolean, read-only): User is identified as an employee of Looker who has been verified via Looker corporate authentication,
roles_externally_managed (boolean, read-only): User's roles are managed by an external directory like SAML or LDAP and can not be changed directly.,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
422 Validation Error
ValidationError {
message (string, read-only, required): Error details,
errors (Array[ValidationErrorDetail], read-only): Error detail array,
documentation_url (string, read-only, required): Documentation link
}
ValidationErrorDetail {
field (string, read-only): Field with error,
code (string, read-only): Error code,
message (string, read-only): Error info message,
documentation_url (string, read-only, required): Documentation link
}

Delete User

DELETE/api/3.1/users/{user_id}
delete_user(user_id)

Implementation Notes

Delete the user with a specific id.

DANGER this will delete the user and all looks and other information owned by the user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
403 Permission Denied
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 User successfully deleted. string

Get User by Credential Id

GET/api/3.1/users/credential/{credential_type}/{credential_id}
user_for_credential(credential_type, credential_id, fields)

Implementation Notes

Get information about the user with a credential of given type with specific id.

This is used to do things like find users by their embed external_user_id. Or, find the user with a given api3 client_id, etc. The ‘credential_type’ matchs the ‘type’ name of the various credential types. It must be one of the values listed in the table below. The ‘credential_id’ is your unique Id for the user and is specific to each type of credential.

An example using the Ruby sdk might look like:

sdk.user_for_credential('embed', 'customer-4959425')

This table shows the supported ‘Credential Type’ strings. The right column is for reference; it shows which field in the given credential type is actually searched when finding a user with the supplied ‘credential_id’.

Credential Types Id Field Matched
email email
google google_user_id
saml saml_user_id
oidc oidc_user_id
ldap ldap_id
api token
api3 client_id
embed external_user_id
looker_openid email

NOTE: The ‘api’ credential type was only used with the legacy Looker query API and is no longer supported. The credential type for API you are currently looking at is ‘api3’.

Response Class

User {
avatar_url (string, read-only): URL for the avatar image (may be generic),
credentials_api3 (Array[CredentialsApi3], read-only): API 3 credentials,
credentials_email (CredentialsEmail, read-only): Email/Password login credentials,
credentials_embed (Array[CredentialsEmbed], read-only): Embed credentials,
credentials_google (CredentialsGoogle, read-only): Google auth credentials,
credentials_ldap (CredentialsLDAP, read-only): LDAP credentials,
credentials_looker_openid (CredentialsLookerOpenid, read-only): LookerOpenID credentials. Used for login by Looker Analysts,
credentials_oidc (CredentialsOIDC, read-only): OpenID Connect auth credentials,
credentials_saml (CredentialsSaml, read-only): Saml auth credentials,
credentials_totp (CredentialsTotp, read-only): Two-factor credentials,
display_name (string, read-only): Full name for display (available only if both first_name and last_name are set),
email (string, read-only): EMail address,
embed_group_space_id (long, read-only): (Embed only) ID of user's group space based on the external_group_id optionally specified during embed user login,
first_name (string): First name,
group_ids (Array[long], read-only): Array of ids of the groups for this user,
home_space_id (string): ID string for user's home space,
id (long, read-only): Unique Id,
is_disabled (boolean): Account has been disabled,
last_name (string): Last name,
locale (string): User's preferred locale. User locale takes precedence over Looker's system-wide default locale. Locale determines language of display strings and date and numeric formatting in API responses. Locale string must be a 2 letter language code or a combination of language code and region code: 'en' or 'en-US', for example.,
looker_versions (Array[string], read-only): Array of strings representing the Looker versions that this user has used (this only goes back as far as '3.54.0'),
models_dir_validated (boolean): User's dev workspace has been checked for presence of applicable production projects,
personal_space_id (long, read-only): ID of user's personal space,
presumed_looker_employee (boolean, read-only): User is identified as an employee of Looker,
role_ids (Array[long], read-only): Array of ids of the roles for this user,
sessions (Array[Session], read-only): Active sessions,
ui_state (object): Per user dictionary of undocumented state information owned by the Looker UI.,
verified_looker_employee (boolean, read-only): User is identified as an employee of Looker who has been verified via Looker corporate authentication,
roles_externally_managed (boolean, read-only): User's roles are managed by an external directory like SAML or LDAP and can not be changed directly.,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
credential_type true Type name of credential string string
credential_id true Id of credential string string
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Get Email/Password Credential

GET/api/3.1/users/{user_id}/credentials_email
user_credentials_email(user_id, fields)

Implementation Notes

Email/password login information for the specified user.

Response Class

CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Create Email/Password Credential

POST/api/3.1/users/{user_id}/credentials_email
create_user_credentials_email(user_id, body, fields)

Implementation Notes

Email/password login information for the specified user.

Response Class

CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
body false Email/Password Credential body
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
409 Resource Already Exists
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
422 Validation Error
ValidationError {
message (string, read-only, required): Error details,
errors (Array[ValidationErrorDetail], read-only): Error detail array,
documentation_url (string, read-only, required): Documentation link
}
ValidationErrorDetail {
field (string, read-only): Field with error,
code (string, read-only): Error code,
message (string, read-only): Error info message,
documentation_url (string, read-only, required): Documentation link
}

Update Email/Password Credential

PATCH/api/3.1/users/{user_id}/credentials_email
update_user_credentials_email(user_id, body, fields)

Implementation Notes

Email/password login information for the specified user.

Response Class

CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
body true Email/Password Credential body
CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
422 Validation Error
ValidationError {
message (string, read-only, required): Error details,
errors (Array[ValidationErrorDetail], read-only): Error detail array,
documentation_url (string, read-only, required): Documentation link
}
ValidationErrorDetail {
field (string, read-only): Field with error,
code (string, read-only): Error code,
message (string, read-only): Error info message,
documentation_url (string, read-only, required): Documentation link
}

Delete Email/Password Credential

DELETE/api/3.1/users/{user_id}/credentials_email
delete_user_credentials_email(user_id)

Implementation Notes

Email/password login information for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get Two-Factor Credential

GET/api/3.1/users/{user_id}/credentials_totp
user_credentials_totp(user_id, fields)

Implementation Notes

Two-factor login information for the specified user.

Response Class

CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Create Two-Factor Credential

POST/api/3.1/users/{user_id}/credentials_totp
create_user_credentials_totp(user_id, body, fields)

Implementation Notes

Two-factor login information for the specified user.

Response Class

CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
body false Two-Factor Credential body
CredentialsTotp {
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
verified (boolean, read-only): User has verified,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
409 Resource Already Exists
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
422 Validation Error
ValidationError {
message (string, read-only, required): Error details,
errors (Array[ValidationErrorDetail], read-only): Error detail array,
documentation_url (string, read-only, required): Documentation link
}
ValidationErrorDetail {
field (string, read-only): Field with error,
code (string, read-only): Error code,
message (string, read-only): Error info message,
documentation_url (string, read-only, required): Documentation link
}

Delete Two-Factor Credential

DELETE/api/3.1/users/{user_id}/credentials_totp
delete_user_credentials_totp(user_id)

Implementation Notes

Two-factor login information for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get LDAP Credential

GET/api/3.1/users/{user_id}/credentials_ldap
user_credentials_ldap(user_id, fields)

Implementation Notes

LDAP login information for the specified user.

Response Class

CredentialsLDAP {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
ldap_dn (string, read-only): LDAP Distinguished name for this user (as-of the last login),
ldap_id (string, read-only): LDAP Unique ID for this user,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete LDAP Credential

DELETE/api/3.1/users/{user_id}/credentials_ldap
delete_user_credentials_ldap(user_id)

Implementation Notes

LDAP login information for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get Google Auth Credential

GET/api/3.1/users/{user_id}/credentials_google
user_credentials_google(user_id, fields)

Implementation Notes

Google authentication login information for the specified user.

Response Class

CredentialsGoogle {
created_at (string, read-only): Timestamp for the creation of this credential,
domain (string, read-only): Google domain,
email (string, read-only): EMail address,
google_user_id (string, read-only): Google's Unique ID for this user,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete Google Auth Credential

DELETE/api/3.1/users/{user_id}/credentials_google
delete_user_credentials_google(user_id)

Implementation Notes

Google authentication login information for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get Saml Auth Credential

GET/api/3.1/users/{user_id}/credentials_saml
user_credentials_saml(user_id, fields)

Implementation Notes

Saml authentication login information for the specified user.

Response Class

CredentialsSaml {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
saml_user_id (string, read-only): Saml IdP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete Saml Auth Credential

DELETE/api/3.1/users/{user_id}/credentials_saml
delete_user_credentials_saml(user_id)

Implementation Notes

Saml authentication login information for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get OIDC Auth Credential

GET/api/3.1/users/{user_id}/credentials_oidc
user_credentials_oidc(user_id, fields)

Implementation Notes

OpenID Connect (OIDC) authentication login information for the specified user.

Response Class

CredentialsOIDC {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
oidc_user_id (string, read-only): OIDC OP's Unique ID for this user,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete OIDC Auth Credential

DELETE/api/3.1/users/{user_id}/credentials_oidc
delete_user_credentials_oidc(user_id)

Implementation Notes

OpenID Connect (OIDC) authentication login information for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get API 3 Credential

GET/api/3.1/users/{user_id}/credentials_api3/{credentials_api3_id}
user_credentials_api3(user_id, credentials_api3_id, fields)

Implementation Notes

API 3 login information for the specified user. This is for the newer API keys that can be added for any user.

Response Class

CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
credentials_api3_id true Id of API 3 Credential integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete API 3 Credential

DELETE/api/3.1/users/{user_id}/credentials_api3/{credentials_api3_id}
delete_user_credentials_api3(user_id, credentials_api3_id)

Implementation Notes

API 3 login information for the specified user. This is for the newer API keys that can be added for any user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
credentials_api3_id true id of API 3 Credential integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get All API 3 Credentials

GET/api/3.1/users/{user_id}/credentials_api3
all_user_credentials_api3s(user_id, fields)

Implementation Notes

API 3 login information for the specified user. This is for the newer API keys that can be added for any user.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Create API 3 Credential

POST/api/3.1/users/{user_id}/credentials_api3
create_user_credentials_api3(user_id, body, fields)

Implementation Notes

API 3 login information for the specified user. This is for the newer API keys that can be added for any user.

Response Class

CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
body false API 3 Credential body
CredentialsApi3 {
id (long, read-only): Unique Id,
client_id (string, read-only): API key client_id,
created_at (string, read-only): Timestamp for the creation of this credential,
is_disabled (boolean, read-only): Has this credential been disabled?,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
409 Resource Already Exists
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
422 Validation Error
ValidationError {
message (string, read-only, required): Error details,
errors (Array[ValidationErrorDetail], read-only): Error detail array,
documentation_url (string, read-only, required): Documentation link
}
ValidationErrorDetail {
field (string, read-only): Field with error,
code (string, read-only): Error code,
message (string, read-only): Error info message,
documentation_url (string, read-only, required): Documentation link
}

Get Embedding Credential

GET/api/3.1/users/{user_id}/credentials_embed/{credentials_embed_id}
user_credentials_embed(user_id, credentials_embed_id, fields)

Implementation Notes

Embed login information for the specified user.

Response Class

CredentialsEmbed {
created_at (string, read-only): Timestamp for the creation of this credential,
external_group_id (string, read-only): Embedder's id for a group to which this user was added during the most recent login,
external_user_id (string, read-only): Embedder's unique id for the user,
id (long, read-only): Unique Id,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
credentials_embed_id true Id of Embedding Credential integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete Embedding Credential

DELETE/api/3.1/users/{user_id}/credentials_embed/{credentials_embed_id}
delete_user_credentials_embed(user_id, credentials_embed_id)

Implementation Notes

Embed login information for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
credentials_embed_id true id of Embedding Credential integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get All Embedding Credentials

GET/api/3.1/users/{user_id}/credentials_embed
all_user_credentials_embeds(user_id, fields)

Implementation Notes

Embed login information for the specified user.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Get Looker OpenId Credential

GET/api/3.1/users/{user_id}/credentials_looker_openid
user_credentials_looker_openid(user_id, fields)

Implementation Notes

Looker Openid login information for the specified user. Used by Looker Analysts.

Response Class

CredentialsLookerOpenid {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string, read-only): EMail address used for user login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
logged_in_ip (string, read-only): IP address of client for most recent login using credential,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete Looker OpenId Credential

DELETE/api/3.1/users/{user_id}/credentials_looker_openid
delete_user_credentials_looker_openid(user_id)

Implementation Notes

Looker Openid login information for the specified user. Used by Looker Analysts.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get Web Login Session

GET/api/3.1/users/{user_id}/sessions/{session_id}
user_session(user_id, session_id, fields)

Implementation Notes

Web login session for the specified user.

Response Class

Session {
id (long, read-only): Unique Id,
ip_address (string, read-only): IP address of user when this session was initiated,
browser (string, read-only): User's browser type,
operating_system (string, read-only): User's Operating System,
city (string, read-only): City component of user location (derived from IP address),
state (string, read-only): State component of user location (derived from IP address),
country (string, read-only): Country component of user location (derived from IP address),
credentials_type (string, read-only): Type of credentials used for logging in this session,
extended_at (string, read-only): Time when this session was last extended by the user,
extended_count (long, read-only): Number of times this session was extended,
sudo_user_id (long, read-only): Actual user in the case when this session represents one user sudo'ing as another,
created_at (string, read-only): Time when this session was initiated,
expires_at (string, read-only): Time when this session will expire,
url (string, read-only): Link to get this item,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
session_id true Id of Web Login Session integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete Web Login Session

DELETE/api/3.1/users/{user_id}/sessions/{session_id}
delete_user_session(user_id, session_id)

Implementation Notes

Web login session for the specified user.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
session_id true id of Web Login Session integer int64

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
204 Successfully deleted. string

Get All Web Login Sessions

GET/api/3.1/users/{user_id}/sessions
all_user_sessions(user_id, fields)

Implementation Notes

Web login session for the specified user.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Create Password Reset Token

POST/api/3.1/users/{user_id}/credentials_email/password_reset
create_user_credentials_email_password_reset(user_id, expires, fields)

Implementation Notes

Create a password reset token.

This will create a cryptographically secure random password reset token for the user. If the user already has a password reset token then this invalidates the old token and creates a new one. The token is expressed as the ‘password_reset_url’ of the user’s email/password credential object. This takes an optional ‘expires’ param to indicate if the new token should be an expiring token. Tokens that expire are typically used for self-service password resets for existing users. Invitation emails for new users typically are not set to expire. The expire period is always 60 minutes when expires is enabled. This method can be called with an empty body.

Response Class

CredentialsEmail {
created_at (string, read-only): Timestamp for the creation of this credential,
email (string): EMail address used for user login,
forced_password_reset_at_next_login (boolean): Force the user to change their password upon their next login,
is_disabled (boolean, read-only): Has this credential been disabled?,
logged_in_at (string, read-only): Timestamp for most recent login using credential,
password_reset_url (string, read-only): Url with one-time use secret token that the user can use to reset password,
type (string, read-only): Short name for the type of this kind of credential,
url (string, read-only): Link to get this item,
user_url (string, read-only): Link to get this user,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
expires false Expiring token. boolean boolean
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Get User Roles

GET/api/3.1/users/{user_id}/roles
user_roles(user_id, fields, direct_association_only)

Implementation Notes

Get information about roles of a given user.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
fields false Requested fields. string string
direct_association_only false Get only roles associated directly with the user: exclude those only associated through groups. boolean boolean

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Set User Roles

PUT/api/3.1/users/{user_id}/roles
set_user_roles(user_id, body, fields)

Implementation Notes

Set roles of the user with a specific id.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true id of user integer int64
body true array of roles ids for user body array
fields false Requested fields. string string

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Get User Attribute Values

GET/api/3.1/users/{user_id}/attribute_values
user_attribute_user_values(user_id, fields, user_attribute_ids, all_values, include_unset)

Implementation Notes

Get user attribute values for a given user.

Returns the values of specified user attributes (or all user attributes) for a certain user.

A value for each user attribute is searched for in the following locations, in this order: 1. in the user’s account information 1. in groups that the user is a member of 1. the default value of the user attribute

If more than one group has a value defined for a user attribute, the group with the lowest rank wins.

The response will only include user attributes for which values were found. Use include_unset=true to include empty records for user attributes with no value.

The value of all hidden user attributes will be blank.

Response Class

  array

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
fields false Requested fields. string string
user_attribute_ids false Specific user attributes to request. Omit or leave blank to request all user attributes. array array
all_values false If true, returns all values in the search path instead of just the first value found. Useful for debugging group precedence. boolean boolean
include_unset false If true, returns an empty record for each requested attribute that has no user, group, or default value. boolean boolean

Response Messages

HTTP Status Code Reason Response Model
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Set User Attribute User Value

PATCH/api/3.1/users/{user_id}/attribute_values/{user_attribute_id}
set_user_attribute_user_value(user_id, user_attribute_id, body)

Implementation Notes

Store a custom value for a user attribute in a user’s account settings.

Per-user user attribute values take precedence over group or default values.

Response Class

UserAttributeWithValue {
name (string, read-only): Name of user attribute,
label (string, read-only): Human-friendly label for user attribute,
rank (long, read-only): Precedence for setting value on user (lowest wins),
value (string): Value of attribute for user,
user_id (long, read-only): Id of User,
user_can_edit (boolean, read-only): Can the user set this value,
value_is_hidden (boolean, read-only): If true, the "value" field will be null, because the attribute settings block access to this value,
user_attribute_id (long, read-only): Id of User Attribute,
source (string, read-only): How user got this value for this attribute,
hidden_value_domain_whitelist (string, read-only): If this user attribute is hidden, whitelist of destinations to which it may be sent.,
can (object, read-only): Operations the current user is able to perform on this object
}

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
user_attribute_id true Id of user attribute integer int64
body true New attribute value for user. body
UserAttributeWithValue {
name (string, read-only): Name of user attribute,
label (string, read-only): Human-friendly label for user attribute,
rank (long, read-only): Precedence for setting value on user (lowest wins),
value (string): Value of attribute for user,
user_id (long, read-only): Id of User,
user_can_edit (boolean, read-only): Can the user set this value,
value_is_hidden (boolean, read-only): If true, the "value" field will be null, because the attribute settings block access to this value,
user_attribute_id (long, read-only): Id of User Attribute,
source (string, read-only): How user got this value for this attribute,
hidden_value_domain_whitelist (string, read-only): If this user attribute is hidden, whitelist of destinations to which it may be sent.,
can (object, read-only): Operations the current user is able to perform on this object
}

Response Messages

HTTP Status Code Reason Response Model
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}

Delete User Attribute User Value

DELETE/api/3.1/users/{user_id}/attribute_values/{user_attribute_id}
delete_user_attribute_user_value(user_id, user_attribute_id)

Implementation Notes

Delete a user attribute value from a user’s account settings.

After the user attribute value is deleted from the user’s account settings, subsequent requests for the user attribute value for this user will draw from the user’s groups or the default value of the user attribute. See Get User Attribute Values) for more information about how user attribute values are resolved.

Response Class

  None

Parameters

Parameter Required? Description Parameter Type Data Type
user_id true Id of user integer int64
user_attribute_id true Id of user attribute integer int64

Response Messages

HTTP Status Code Reason Response Model
204 Deleted
400 Bad Request
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
404 Not Found
Error {
message (string, read-only, required): Error details,
documentation_url (string, read-only, required): Documentation link
}
Top