Looker is Google Cloud's enterprise business intelligence platform for exploring data, building dashboards, and embedding analytics. Integrating Looker with Frontegg lets your application work with dashboards, Looks, queries, folders, and users through the Looker API 4.0.
The integration authenticates with Looker API3 credentials — a Client ID and Client Secret pair generated for a Looker user. Frontegg exchanges them for a short-lived access token at your instance's /api/4.0/login endpoint, so there is no browser redirect or consent screen. API access is governed by the role of the user the credentials belong to, not by OAuth scopes — so bind the credentials to a minimal-privilege account.
Prerequisites
Prerequisites
- A hosted Looker instance (
https://<instance>.cloud.looker.com) - Admin access to the Looker instance, or an administrator who can generate API3 keys on your behalf
- API credential management enabled for the user on the Admin → Users page
Frontegg needs the subdomain of your hosted Looker instance to build the API base URL. Sign in to Looker and look at your browser address bar:
https://mycompany.cloud.looker.com| Value | Where it comes from | Example |
|---|---|---|
| Looker instance name | The subdomain before .cloud.looker.com | mycompany |
Instance name format
Instance name format
Enter only the subdomain — for example, mycompany. Do not include https://, the .cloud.looker.com domain, the port, or a trailing slash.
Google recommends not binding API credentials to a Looker admin account. In the Looker Admin panel, open Users, click Add Users, and create a dedicated user (for example, frontegg-service) with the minimum role required for the data your application needs.
Access follows the user's role
Access follows the user's role
Looker has no per-integration OAuth scopes. The connector can perform any action the user behind the API key is allowed to perform. Assigning a least-privilege role to a dedicated service account keeps the integration's access scoped to exactly what it needs.
You can skip this step and use an existing account, but a dedicated service account is the recommended approach.
In the Looker Admin panel, open Users, find the user from Step 2 (or your own account), and click Edit. Scroll to the API Keys section and click Edit Keys, then New API Key.
Looker generates an API3 key — a Client ID and Client Secret pair — for that user.
Copy both the Client ID and the Client Secret from the API Keys section.
Copy the secret immediately
Copy the secret immediately
The Client Secret is shown in full only when the key is created. If you lose it, you must delete the key and generate a new one.
Once you have collected the values from the steps above, enter them in the integration configuration page of the Frontegg portal:
- Open the Frontegg portal and navigate to [ENVIRONMENT] → Integrations → Looker.
- Fill in the Connector credentials form:
- Client ID — the API3 Client ID from Step 3
- Client Secret — the API3 Client Secret from Step 3
- Looker instance name — the subdomain from Step 1 (for example,
mycompany), withouthttps://, the domain, the port, or a trailing slash
- Click Save.
Keep your credentials secure
Keep your credentials secure
The Client Secret grants API access on behalf of the Looker user it belongs to. Never share or commit it to version control. Delete API keys you no longer use from Admin → Users → Edit → API Keys.