Skip to main content
Google’s MCP Toolbox for Databases can expose your Looker semantic layer to agents. Use this guide to create Looker API credentials, run the toolbox server, and register it in the TrueFoundry MCP Gateway.

Prerequisites

  • A TrueFoundry account with permission to add MCP servers.
  • A Looker instance, either Looker Original or Looker Google Cloud Core.
  • A Looker user or service account with the minimum API permissions required by the tools you expose.

Create Looker API Credentials

For Looker Original, open your Looker instance, go to Admin > Users, edit the service account user, and create a new API 4.0 Key. For Looker Google Cloud Core, enable API credential management, open your Account page, and generate a new API 4.0 Key. Copy these values:
ValueEnvironment variable
Looker instance URL, without trailing slashLOOKER_BASE_URL
API 4.0 client IDLOOKER_CLIENT_ID
API 4.0 client secretLOOKER_CLIENT_SECRET
SSL verification flag, optionalLOOKER_VERIFY_SSL
If your Looker instance uses port 19999, include it in LOOKER_BASE_URL, for example https://looker.example.com:19999.

Run the MCP Server

Deploy MCP Toolbox for Databases in your own environment or on TrueFoundry as a service. Configure the process to run: 
toolbox --stdio --prebuilt looker
Set the Looker environment variables from the previous section. Use a shared service account for team-wide read access, or per-user credentials when each user should bring their own Looker API key.
To enable Looker’s Conversational Analytics tools, run toolbox --stdio --prebuilt looker-conversational-analytics and also set LOOKER_PROJECT and LOOKER_LOCATION.

Register in TrueFoundry

If the server is exposed over HTTP, open MCP Gateway, click Add MCP Server, and select Connect any Remote MCP Server. Enter the MCP URL for your deployed toolbox server, add collaborators, and choose the outbound authentication mode that matches your deployment. If you run it as a CLI-style process, select Hosted Stdio-based MCP Server and configure:
FieldValue
Commandtoolbox
Arguments--stdio --prebuilt looker
Environment variablesLOOKER_BASE_URL, LOOKER_CLIENT_ID, LOOKER_CLIENT_SECRET, optional LOOKER_VERIFY_SSL
Use Auth Overrides when users provide their own Looker credentials.

Verify and Secure

After the server is registered, confirm that tools are visible in the Tools section and then try them from the Agent Playground. Use a dedicated Looker service account with limited API access, keep LOOKER_CLIENT_SECRET in a secret store, and set LOOKER_VERIFY_SSL=false only for internal instances with trusted self-signed certificates.