9

This question is only to confirm that I'm clear about this concept.

As far as I understand, Google Cloud Endpoints are kind of Google's implementation of REST services, so that they can't keep any "session" data in memory, therefore:

  • Users must send authentication data with each request.
  • All the data I want to use later on must be persisted, namely, with each API request I receive, I have to access the Datastore, do something and store the data again.

Is this correct? And if so, is this actually good in terms of performance?

bossylobster
  • 9,993
  • 1
  • 42
  • 61
MikO
  • 18,243
  • 12
  • 77
  • 109

3 Answers3

4

Yes you can use session, only put another Paramether in your API method with HttpServlet:

@ApiMethod
public MyResponse getResponse( HttpServletRequest req, @Named("infoId") String infoId ) {
    // Use 'req' as you would in a servlet, e.g.
    String ipAddress = req.getRemoteAddr();
    ...
}
Douglas Correa
  • 1,015
  • 12
  • 25
  • I get it from this question: [link](http://stackoverflow.com/questions/15056830/getting-raw-http-data-headers-cookies-etc-in-google-cloud-endpoints) – Douglas Correa Apr 08 '13 at 05:24
  • 4
    It's really interesting, but it's not correct... The fact that you can pass a HttpRequest parameter doesn't mean at all that you can use sessions... As explained in the link from which you've copied your response, this is useful to get request info. But the Endpoint doesn't forward the request (as Servlets do) but it just return an object MyResponse, so the session will be lost... – MikO Apr 08 '13 at 11:18
  • Take a look at this link https://cloud.google.com/appengine/docs/java/config/appconfig and search for 'Enabling sessions'. With this, your server will have a session with MaxInactiveInterval equals -1, which indicates that the session should never timeout. – Gilson Nov 17 '15 at 00:57
  • I think what missing in this example is the use of auth = @ApiAuth(allowCookieAuth = AnnotationBoolean.TRUE) on the @API annotation such that the JSESSIONID cookie makes its way to the endpoint and make the session available in in the request object. – Amir Naor May 29 '17 at 21:14
3

The datastore is pretty quick especially if you do a key lookup (as apposed to query). if you use NDB then you will have the benefit of auto memache your lookups.

Shay Erlichmen
  • 31,691
  • 7
  • 68
  • 87
2

Yes, your Cloud Endpoints API backend code (Java or Python) is still running on App Engine, so you have the same access to all resources you would have on App Engine.

Though you can't set client-side cookies for sessions, you still can obtain a user for a request and store user-specific data in the datastore. As @Shay Erlichmen mentioned, if you couple the datastore with memcache and an in-context cache (as ndb does), you can make these lookups very quick.

To do this in either Python or Java, either allowed_client_ids or audiences will need to be specified in the annotation/decorator on the API and/or on the method(s). See the docs for more info.

Python:

If you want to get a user in Python, call

endpoints.get_current_user()

from within a request that has been annotated with allowed_client_ids or audiences. If this returns None, then there is no valid user (and you should return a 401).

Java:

To get a user, on an annotated method (or method contained in an annotated API), simply specify a user object in the request:

import com.google.appengine.api.users.User;

...

  public Model insert(Model model, User user) throws
      OAuthRequestException, IOException {

and as in Python, check if user is null to determine if a valid OAuth 2.0 token was sent with the request.

bossylobster
  • 9,993
  • 1
  • 42
  • 61