Timeless

Reputation: 7537

Protect Google Cloud Endpoints API

We have the backend code ready and working, and we want to protect our APIs, which are built on top of Google Cloud Endpoints.

So now, we have some difficulty achieving these goals:

1) Only requests from iOS devices are allowed

Here, the article Using Auth with Endpoints says that we can specify authorized clients in the API backend. We did add something like:

@Api(
    name = "tictactoe",
    version = "v1",
    scopes = {Constants.EMAIL_SCOPE},
    clientIds = {Constants.IOS_CLIENT_ID}
)

However, we can still access it without providing any client ID.

2) Only real users are allowed to access our APIs

Our app has two kinds of users: registered and guest. There is no third-party login using Google or Facebook.

What if we implement a getToken method and generate a token for users? But anyone who knows this API or sniffs the traffic will know the mechanism, and they can play with our API as a guest account.

We have googled and seen a lot about OAuth2 or HMAC, but for our case, is it possible to do it in an easier and relatively secure way?

So, in general, how can we implement secured backend APIs based on Google Cloud Platform?

Upvotes: 3

Views: 202
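
On the first point of the question: in Cloud Endpoints for Java, the clientIds list only takes effect through an injected User parameter, and a request with no token (or a token from an unlisted client) still reaches the method with user set to null. The following is an added example, not code from the question or the answer; the class, method and Message names are hypothetical, the Constants values are placeholders, and it assumes callers present Google OAuth tokens, which the app described here does not currently use.

```java
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.appengine.api.users.User;

@Api(
    name = "tictactoe",
    version = "v1",
    scopes = {Constants.EMAIL_SCOPE},
    clientIds = {Constants.IOS_CLIENT_ID}
)
public class ScoreEndpoint { // hypothetical class name

  // No User parameter: nothing in this method depends on the caller's
  // token, so the clientIds list above does not restrict who can call it.
  @ApiMethod(name = "scores.listOpen", path = "scores/open")
  public Message listOpen() {
    return new Message("reachable by any caller");
  }

  // With a User parameter the framework validates the bearer token and
  // checks its client ID against clientIds. It does NOT reject the call
  // on failure; it passes user == null, so the method must reject it.
  @ApiMethod(name = "scores.listMine", path = "scores/mine")
  public Message listMine(User user) throws UnauthorizedException {
    if (user == null) {
      // Missing token, invalid token, or token from an unlisted client.
      throw new UnauthorizedException("Token from an authorized client required");
    }
    return new Message("scores for " + user.getEmail());
  }

  // Minimal response bean (hypothetical) so the methods return JSON.
  public static class Message {
    private final String text;
    public Message(String text) { this.text = text; }
    public String getText() { return text; }
  }
}

// Placeholder constants; the question's real Constants class is not shown.
final class Constants {
  static final String EMAIL_SCOPE = "https://www.googleapis.com/auth/userinfo.email";
  static final String IOS_CLIENT_ID = "REPLACE_WITH_IOS_CLIENT_ID.apps.googleusercontent.com";
}
```

Every method that should be restricted needs both the User parameter and the null check; omitting either leaves it callable without a client ID.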

Answers (1)

Nigel

Reputation: 481

This appears to be tricky. You could try adding a hiddenProperty to the client query holding a shared secret key, as described by bossylobster here and Carlos here.

Upvotes: 1
