1

I have created an app and some REST API on Google Appengine and deployed it to

www.my-appspot-id.appspot.com

I'm using Google Datastore to store my data and have created API's to access that data. However, i can access my API directly also using www.my-appspot-id.appspot.com/_ah/api/explorer which means anyone can access them and can manipulate the data which i don't want.

How to restrict access so that nobody but some particular registered set of users can only use it?

  • Were you able to find an answer? – user362953 Feb 26 '17 at 06:25
  • 1
    See [Cloud Endpoints: Control who can execute API through API Explorer](http://stackoverflow.com/questions/42521424/cloud-endpoints-control-who-can-execute-api-through-api-explorer) – sam Mar 01 '17 at 01:12

3 Answers3

0

I stumbled upon this tutorial recently, might be of some help.

sirVir
  • 1,146
  • 10
  • 13
  • Per the Tutorial page (https://rominirani.com/google-cloud-endpoints-tutorial-part-5-7cece01570f#.16r0y1q3v) API Explorer can be accessed by anyone who Authenticates through their Google Account. They would also be able to submit/post. – user362953 Feb 26 '17 at 06:22
0

I think you need to authenticate your endpoints and authorize only some client id. OAuth 2 authentication : https://developers.google.com/appengine/docs/python/endpoints/getstarted/backend/auth Allowed client ids and audience : https://developers.google.com/appengine/docs/python/endpoints/create_api#allowed_client_ids_and_audiences

Maël
  • 259
  • 1
  • 11
0

To answer your question : you can't.

Google Cloud Endpoints is based on the explorer api: everybody will be able to navigate into your API, and see the differents methods available.

BUT if you add an authentication to your methods, the visitor will not be able to execute them.

Ludovic Borie
  • 155
  • 5
  • Apparently, even if you have Authentication added to your entire API, anyone who authenticates through their Google Account (OAUTH2) would be able to execute them, even without any client id generated through Google Cloud Console. https://rominirani.com/google-cloud-endpoints-tutorial-part-5-7cece01570f#.16r0y1q3v – user362953 Feb 26 '17 at 06:24