Create Signed Embed URL

Creates a signed embed URL and cryptographically signs it with an embed secret.This signed URL can then be used to instantiate a Looker embed session in a PBL web application.Do not make any modifications to the returned URL - any change may invalidate the signature andcause the URL to fail to load a Looker embed session.

A signed embed URL can only beused once. After the URL has been used to request a page from theLooker server, it is invalid. Future requests using the same URL will fail. This is to prevent'replay attacks'.

Thetarget_url property must be a complete URL of a Looker UI page - scheme, hostname, path and query params.To load a dashboard with id 56 and with a filter ofDate=1 years, the looker URL would look likehttps:/myname.looker.com/dashboards/56?Date=1%20years.The best way to obtain thistarget_url is to navigate to the desired Looker page in your web browser and use the "Get embed URL" menu optionto copy it to your clipboard and paste it into thetarget_url property as a quoted string value in this API request.

Permissions for the embed user are defined by the groups in which the embed user is a member (group_ids property)and the lists of models and permissions assigned to the embed user.At a minimum, you must provide values for either thegroup_ids property, orboth the models and permissions properties.These properties are additive; an embed user can be a member of certain groups AND be granted access to models and permissions.

The embed user's access is the union of permissions granted by thegroup_ids,models, andpermissions properties.

This function does not strictly require all group_ids, user attribute names, or model names to exist at the moment theembed url is created. Unknown group_id, user attribute names or model names will be passed through to the output URL.Because of this,these parameters are not validated when the API call is made.

TheGet Embed Url dialog can be used to determine and validate the correct permissions for signing an embed url.This dialog also provides the SDK syntax for the API call to make. Alternatively, you can copy the signed URL into the Embed URI Validator text boxin<your looker instance>/admin/embed to diagnose potential problems.

Thesecret_id parameter is optional. If specified, its value must be the id of an active secret defined in the Looker instance.if not specified, the URL will be signed using the most recent active signing secret. If there is no active secret for signing embed urls,a default secret will be created. This default secret is encrypted using HMAC/SHA-256.

Theembed_domain parameter is optional. If specified and valid, the domain will be added to the embed domain allowlist if it is missing.

Security Note

Protect this signed URL as you would an access token or password credentials - do not writeit to disk, do not pass it to a third party, and only pass it through a secure HTTPSencrypted transport.

NOTE: Calls to this endpoint requireEmbedding to be enabled. Usage of this endpoint is not authorized for Looker Core Standard and Looker Core Enterprise.

Request

Response