Reputation: 1447
Java Annotations for API-key authorization on Google Cloud Endpoint?
I have a Google App Engine project that exposes an API through Google Cloud Endpoints. Until now, all APIs / endpoints used OAuth2 authentication (and authorization), which is fine for 'real' users.
Now I want to expose some new APIs that are meant to be used by machines instead of human users. I would like these endpoints to use API-key authorization.
In the cloud console I have made an API key (API manager / credentials).
The Google documentation uses a yaml file to configure API-key authorization. However, I don't use a yaml configuration, and it does not seem to be common for Java applications.
I would expect that for Java there would be annotations to authorize using API-keys. However, the Google documentation for Java does not mention anything like that.
Is it possible to use API-keys in a Java application using annotations? Is there another recommended way to do this?
UPDATE: It seems that API keys work in Cloud Endpoints 2.0, which is in beta (November 2016). However, CE 2.0 is not supported by the Google Eclipse plugin, and requires Maven (which I strongly dislike). I have no time to rewrite my project, so for now I have added an additional 'api_key' parameter to my API, which I check in code. Note that this parameter cannot be called 'key', because the Cloud Endpoint will think that this is its own API key, and respond by saying that access is not configured.
Upvotes: 1
Views: 947
Answers (2)
Reputation: 26
I had the same issue yesterday.
I was following this example in Java and Maven:
However the example does not have api-key authorization.
So I spent several hours decrypting how to add api-key authorization to the example.
Since there is no documentation on how to add api-key annotation in java, what I did was to add the annotation manually in the swagger.json.
I edited the swagger.json file and added:
1) the security variable
"Security": [
{
"Api_key": []
}
],
"You consume": [
"Application / json"
],
2) the variable api_key in securityDefinitions
"SecurityDefinitions": {
"Api_key": {
"Type": "apiKey",
"Name": "key",
"In": "query"
},
"Google_id_token": {
This solved the problem.
After that I continued with the deploy to App Engine process that is defined in the README.md example:
1) gcloud beta service-management deploy swagger.json
2) mvn appengine: update
I hope this work around could help you!
Upvotes: 1
Reputation: 2595
Yes, it is possible. Upgrade to the latest framework and in @Api, @ApiClass, or @ApiMethod use the apiKeyRequired field. We added this recently and the docs haven't caught up yet. Apologies!
Upvotes: 2
Related Questions
- apiKeyRequired in google cloud endpoint not getting resolved
- Generating Google Cloud endpoints for Java client
- User Authorization for Cloud Endpoints
- Java - Google Cloud Endpoints custom authentication with sessions
- Google cloud endpoints (app engine) + oauth2 integration with android
- Appengine Custom Authentication
- Google Endpoints API Authentication to other APIs
- Using Auth with Endpoints
- Endpoints API with authentication
- How to add authentication to google cloud endpoints?