
Looker integration

Looker is Google Cloud's enterprise business intelligence platform for exploring data, building dashboards, and embedding analytics. Integrating Looker with Frontegg lets your application work with dashboards, Looks, queries, folders, and users through the Looker API 4.0.

The integration authenticates with Looker API3 credentials — a Client ID and Client Secret pair generated for a Looker user. Frontegg exchanges them for a short-lived access token at your instance's /api/4.0/login endpoint, so there is no browser redirect or consent screen. API access is governed by the role of the user the credentials belong to, not by OAuth scopes — so bind the credentials to a minimal-privilege account.


Prerequisites

  • A hosted Looker instance (https://<instance>.cloud.looker.com)
  • Admin access to the Looker instance, or an administrator who can generate API3 keys on your behalf
  • API credential management enabled for the user on the Admin → Users page

Connect Looker

Step 1: Identify your Looker instance name

Frontegg needs the subdomain of your hosted Looker instance to build the API base URL. Sign in to Looker and look at your browser address bar:

https://mycompany.cloud.looker.com
Value: Looker instance name
Where it comes from: The subdomain before .cloud.looker.com
Example: mycompany

Instance name format

Enter only the subdomain — for example, mycompany. Do not include https://, the .cloud.looker.com domain, the port, or a trailing slash.

Step 2: Create a service-account user

Google recommends not binding API credentials to a Looker admin account. In the Looker Admin panel, open Users, click Add Users, and create a dedicated user (for example, frontegg-service) with the minimum role required for the data your application needs.

Access follows the user's role

Looker has no per-integration OAuth scopes. The connector can perform any action the user behind the API key is allowed to perform. Assigning a least-privilege role to a dedicated service account keeps the integration's access scoped to exactly what it needs.

You can skip this step and use an existing account, but a dedicated service account is the recommended approach.

Step 3: Generate API3 credentials

In the Looker Admin panel, open Users, find the user from Step 2 (or your own account), and click Edit. Scroll to the API Keys section and click Edit Keys, then New API Key.

Looker generates an API3 key — a Client ID and Client Secret pair — for that user.

Step 4: Copy your Client ID and Client Secret

Copy both the Client ID and the Client Secret from the API Keys section.

Copy the secret immediately

The Client Secret is shown in full only when the key is created. If you lose it, you must delete the key and generate a new one.

Configure the Frontegg portal

Once you have collected the values from the steps above, enter them in the integration configuration page of the Frontegg portal:

  1. Open the Frontegg portal and navigate to [ENVIRONMENT] → Integrations → Looker.
  2. Fill in the Connector credentials form:
    • Client ID — the API3 Client ID from Step 3
    • Client Secret — the API3 Client Secret from Step 3
    • Looker instance name — the subdomain from Step 1 (for example, mycompany), without https://, the domain, the port, or a trailing slash
  3. Click Save.

Keep your credentials secure

The Client Secret grants API access on behalf of the Looker user it belongs to. Never share or commit it to version control. Delete API keys you no longer use from Admin → Users → Edit → API Keys.
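The token exchange described at the top of this page, combined with the Step 1 instance-name rule, can be reproduced to check a key pair before saving it; validating the name as a single DNS label keeps a malformed value from sending the Client Secret to a different host. This is an added example, not Frontegg's or Looker's code: it assumes the hosted https://<instance>.cloud.looker.com form and a form-encoded login body, and the function names and sample response are constructed for illustration.

```python
import json
import re
import urllib.parse
import urllib.request

# One DNS label: letters, digits, inner hyphens; no scheme, dots, port or slash.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def login_url(instance_name: str) -> str:
    """Build the /api/4.0/login URL from the bare subdomain, or raise ValueError."""
    name = instance_name.strip().lower()
    if not _LABEL.fullmatch(name):
        raise ValueError(f"instance name must be the bare subdomain, got {instance_name!r}")
    return f"https://{name}.cloud.looker.com/api/4.0/login"


def build_login_request(instance_name, client_id, client_secret):
    """Prepare the token exchange; the secret goes in the POST body, never the URL."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}
    ).encode()
    req = urllib.request.Request(login_url(instance_name), data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def parse_token(raw: bytes) -> tuple[str, int]:
    """Return (access_token, expires_in) from the login response body."""
    doc = json.loads(raw)
    token, ttl = doc.get("access_token"), doc.get("expires_in")
    if not isinstance(token, str) or not token or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("login response has no usable access token")
    return token, ttl


def exchange(instance_name, client_id, client_secret, timeout=10):
    """Perform the exchange over the network (only runs when called explicitly)."""
    req = build_login_request(instance_name, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token(resp.read())


# Constructed sample response, shaped like a login reply (not captured from a real instance).
SAMPLE_RESPONSE = b'{"access_token": "EXAMPLE-TOKEN", "token_type": "Bearer", "expires_in": 3600}'

if __name__ == "__main__":
    print(login_url("mycompany"))
    print(parse_token(SAMPLE_RESPONSE))
```

Read the Client ID and Client Secret from the environment or a secrets manager when calling exchange(), so they never land in shell history or source files.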
