Looker API Token
Service Name: Looker
Service Description: Looker is a business intelligence software and big data analytics platform that helps organizations explore, analyze, and share real-time business analytics. It provides data visualization and exploration capabilities to help businesses make data-driven decisions.
Service Address: https://looker.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Looker instance level through allowlisting specific IP addresses.
Secret Access Scope: Grants programmatic access to Looker's API, allowing users to query data, manage users, create and modify content, and perform administrative tasks depending on the user's permissions.
Secret Revokement URL: https://docs.looker.com/admin-options/settings/users#api_tokens
Secret Example: t7kcs9Ts4SFfQnYJ9rjRKGVR
Suspicious Activity Investigation Instructions:
- Review Looker's audit logs for unusual API calls or data access patterns
- Check for unexpected changes to dashboards, looks, or models
- Monitor for unusual data exports or queries
- Verify if there are any new scheduled deliveries or data alerts
- Check for unauthorized user permission changes or new API users
Mitigation Instructions:
- Log in to your Looker instance as an admin
- Navigate to Admin > Users
- Find the user whose API token needs to be revoked
- Click on the user's Edit button
- Scroll to the API section
- Click "Reset API3 Key" to invalidate the current token
- Alternatively, disable API access entirely by unchecking API under User Attributes.
- Consider implementing IP restrictions for API access if not already in place.
- Review and adjust user permissions to enforce the Principle of Least Privilege.