Skip to content

Looker API Secret

Service Name: Looker

Service Description: Looker is a business intelligence software and big data analytics platform that helps companies explore, analyze and share real-time business analytics easily. It connects directly to databases to provide real-time insights through visualizations and dashboards.

Service Address: https://looker.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Looker instance level through allowlists in the admin settings.

Secret Access Scope: Grants programmatic access to Looker API, allowing users to query data, manage users, create and modify content, and access other Looker resources based on the user's permissions.

Secret Revokement URL: https://docs.looker.com/admin-options/settings/users#api_keys

Secret Example: 58sd7f9sd7f9sd7f9sd7f9sd7f9sd7f9sd7f

Suspicious Activity Investigation Instructions:

  • Review Looker audit logs for unusual API calls or data access patterns
  • Check for unexpected dashboard or Look creations or modifications
  • Monitor for unusual data exports or downloads
  • Verify if there are any new scheduled deliveries or data alerts
  • Examine user activity logs for suspicious login times or locations
  • Check for changes to user permissions or roles

Mitigation Instructions:

  • Log in to your Looker instance as an admin
  • Navigate to Admin > Users
  • Find the affected user account
  • Click on the Edit button for the user
  • Scroll to the API Keys section
  • Click "Revoke" next to the compromised API key
  • Generate a new API key if needed
  • Consider implementing IP restrictions for API access
  • Review and adjust user permissions to follow the principle of least privilege
  • Update any applications or scripts using the old API key with the new one