Looker API

Prefix: /api/looker | Tag: looker

Manages cookieless Looker embed sessions. The session_reference_token is stored server-side and never sent to the browser.

Endpoints

Method	Path	Description
POST	`/api/looker/acquire-session`	Acquire a new embed session
PUT	`/api/looker/generate-tokens`	Refresh tokens for an existing session

POST `/api/looker/acquire-session`

Acquires a cookieless embed session from the Looker API. The browser's User-Agent is forwarded for session validation. The embed_domain is detected from the request Origin header.

Response:

{
  "authentication_token": "...",
  "authentication_token_ttl": 300,
  "navigation_token": "...",
  "navigation_token_ttl": 600,
  "api_token": "...",
  "api_token_ttl": 600,
  "session_reference_token_ttl": 2592000
}

Note: session_reference_token is intentionally omitted from the response (stored server-side only).

Returns 502 if Looker authentication or session acquisition fails. Returns 503 if Looker credentials are not configured.

PUT `/api/looker/generate-tokens`

Called by the Looker Embed SDK when tokens expire. Retrieves the session_reference_token from server-side storage.

Request body:

{
  "api_token": "current_api_token",
  "navigation_token": "current_navigation_token"
}

Response:

{
  "api_token": "new_api_token",
  "api_token_ttl": 600,
  "navigation_token": "new_navigation_token",
  "navigation_token_ttl": 600,
  "session_reference_token_ttl": 2592000
}

Returns {"session_reference_token_ttl": 0} if the session has expired (SDK should re-acquire).

Endpoints​

POST /api/looker/acquire-session​

PUT /api/looker/generate-tokens​

Endpoints

POST `/api/looker/acquire-session`

PUT `/api/looker/generate-tokens`