Reputation: 827
Google App Engine: Allow Admins to Upload Data via Python Script
I have an application hosted on Google App Engine and would like to make uploading data more secure. Currently, I upload data by using a python script to make POST requests with the relevant data to a URL on the /_ah/spi/... path (and the app takes care of uploading the data correctly). My goal is to make uploading data only available to admins of the application. I tried specifying an admin security-constraint for /_ah/spi/* in my web.xml but this seemed to block me from being able to upload data.
What is the best/easiest way only allow admins to upload data via my python script?
Upvotes: 0
Views: 91
Answers (1)
Reputation: 827
I didn't quite get exactly what I wanted (allow access to my application endpoints by admins only) but I did find a way to secure it. I followed the steps here. Basically I had to:
- generate a client ID via the google developer console
- add the client ID to the @Api annotation (under clientIds) for my endpoint
- add a User parameter to all of the protected methods
- authenticate myself using OAuth and my public/secret client ID (generated in step 1) in my python script (sample code here)
This scheme at least requires the script accessing my application to have both the public/secret client ID. Also, this question had some very useful information.
Upvotes: 1
Related Questions
- Using Google Cloud AppEngine admin API to create request with Python?
- GAE bulk upload programmatically
- Upload Files To Google Cloud Storage With Google App Engine (Python)
- Upload files in Google App Engine
- Google App Engine and Upload script
- GAE upload image to cloud endpoints [Python]
- File Upload To Google Cloud Storage on Appengine(Python)
- google app engine file upload
- How to handle direct file upload with GAE/python?
- How do I upload data to Google App Engine periodically?