Skip to content

Looker API Token

Service Name: Looker

Service Description: Looker is a business intelligence software and big data analytics platform that helps organizations explore, analyze, and share real-time business analytics. It provides data visualization and exploration capabilities to help businesses make data-driven decisions.

Service Address: https://looker.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Looker instance level through allowlisting specific IP addresses.

Secret Access Scope: Grants programmatic access to Looker's API, allowing users to query data, manage users, create and modify content, and perform administrative tasks depending on the user's permissions.

Secret Revokement URL: https://docs.looker.com/admin-options/settings/users#api_tokens

Secret Example: t7kcs9Ts4SFfQnYJ9rjRKGVR

Suspicious Activity Investigation Instructions:

  • Review Looker's audit logs for unusual API calls or data access patterns
  • Check for unexpected changes to dashboards, looks, or models
  • Monitor for unusual data exports or queries
  • Verify if there are any new scheduled deliveries or data alerts
  • Check for unauthorized user permission changes or new API users

Mitigation Instructions:

  • Log in to your Looker instance as an admin
  • Navigate to Admin > Users
  • Find the user whose API token needs to be revoked
  • Click on the user's Edit button
  • Scroll to the API section
  • Click "Reset API3 Key" to invalidate the current token
  • Alternatively, disable API access entirely by unchecking API under User Attributes.
  • Consider implementing IP restrictions for API access if not already in place.
  • Review and adjust user permissions to enforce the Principle of Least Privilege.