Present client credentials to obtain an authorization token

Looker API implements the OAuth2Resource Owner Password Credentials Grant pattern.The client credentials required for this login must be obtained by creating an API key on a user accountin the Looker Admin console. The API key consists of a publicclient_id and a privateclient_secret.

The access token returned bylogin must be used in the HTTP Authorization header of subsequentAPI requests, like this:

Authorization: token 4QDkCyCtZzYgj4C2p2cj3csJH7zqS5RzKs2kTnG4

Replace "4QDkCy..." with theaccess_token value returned bylogin.The wordtoken is a string literal and must be included exactly as shown.

This function can acceptclient_id andclient_secret parameters as URL query params or as www-form-urlencoded params in the body of the HTTP request. Since there is a small risk that URL parameters may be visible to intermediate nodes on the network route (proxies, routers, etc), passing credentials in the body of the request is considered more secure than URL params.

Example of passing credentials in the HTTP request body:

POST HTTP /loginContent-Type: application/x-www-form-urlencodedclient_id=CGc9B7v7J48dQSJvxxx&client_secret=nNVS9cSS3xNpSC9JdsBvvvvv

Best Practice:

Always pass credentials in body params. Pass credentials in URL query paramsonly when you cannot pass body params due to application, tool, or other limitations.

For more information and detailed examples of Looker API authorization, seeHow to Authenticate to Looker API.

Request

Response