"Whitelisting by IP Address (Server-side applications)" for Google Cloud Storage JSON API

Question

can i use "Whitelisting by IP Address (Server-side applications)" for Google Cloud Storage JSON API?

i followed the steps here: "https://developers.google.com/console/help/" but it didn't work.

And i can't find documentation on this.

here is what i've: i've created a project and added some objects there, gave the objects these permissions AllUsers - read i want to allow access to requests from certain IPs, so i decided to use "Whitelisting by IP Address" but it didn't work...i took the object MediaLink, copied it to the broweser and i was able to access it, even though the PC IP address was not defined in the server Key i generated.

the link i used it: object-Media-Link?key=myKey

Thanks, Snabel

Answer 1

There are a couple of problems with this approach.

The first and biggest problem is that, while it's possible to limit access to a server key by IP address, this is not sufficient to block other IP addresses from accessing the objects. "AllUsers" means absolutely all users, including users fetching objects from your buckets with their own API keys associated with their own projects. If your items need to be secret or secure, limiting access to your API key is not a sufficient safeguard.

Now, as to why your server API key wasn't limited to only certain IPs, this is more of a mystery. In the console, under "APIs & auth > Credentials", your server key should be listed in the "Public API access section." There should be an "IPS" section. Can you verify that there is a list of allowed IPs there?