cors-api-proxy
Looker CORS API Proxy Pattern (General)
This skill describes the Scoped API Token Proxy pattern. This architectural pattern allows frontend applications to make direct, performant API calls to Looker from the browser while maintaining strict security by delegating authentication to a secure backend.
1. The Core Pattern
The pattern solves the "Browser Secret Problem": Browsers cannot safely hold API Client Secrets, but direct API access (CORS) requires an authentication token.
Architectural Components
- Application Frontend: The client-side UI that requires data. It makes direct
fetchorXHRcalls to Looker's API endpoints. - Application Backend (The Proxy/Signer): A secure server-side component that holds Looker Admin credentials. It does not proxy data; it only proxies Identity and Authentication.
- Looker API: The source of data, configured to trust the Frontend's origin via CORS.
2. The Authentication Delegation Flow
Instead of the backend fetching data and passing it back, the backend provides the frontend with the "keys" to fetch the data itself.
- Identity Verification: The Frontend authenticates with the Application Backend using the app's standard auth mechanism (JWT, Session Cookie, etc.).
More from lkrdev/looker-embed-skills
cors-api
Architectural pattern for direct browser-to-Looker API calls via CORS using OAuth2 with PKCE for secure client-side authentication.
2ca-adk-streaming
This skill enables agents to assist users in building streaming, data-driven agentic applications using the Looker Conversational Analytics (CA) API and Google ADK. Use this when you need to orchestrate multi-step data workflows with real-time feedback and conditional post-processing (e.g., visualization, analysis).
2sso-embed
This skill allows agents to assist users in setting up, implementing, and troubleshooting Looker SSO (signed) and Cookieless embedding using the Looker Embed SDK.
2embed-themes
This skill enables agents to assist users in programmatically creating, updating, and managing Looker themes using the Looker API. Use this when you need to automate visual styling, implement brand-specific themes, or manage instance-wide default themes.
2visualization-components
This skill enables agents to assist users in building custom, high-performance data experiences using Looker's React-based visualization components.
2embed-javascript-events-api
This skill enables agents to assist users in implementing and troubleshooting interactive communication between a host application and an embedded Looker iframe using JavaScript events.
2