sam
Reputation: 787
Cloud Endpoints: Control who can execute API through API Explorer
Everyone who successfully authenticates through Google account would be able to execute the API through the API Explorer.
I would like to limit the ability to execute the API through API Explorer only to some users. But at the same time have the API accessible for all users of my Android and iOS apps.
Security in the case of at least Android App is facilitated through the Android Client Id and SHA fingerprint. So, the scope here is to NOT include the App access security.
Upvotes: 1
Views: 167
Answers (1)
sam
Reputation: 787
- Identify that the request is coming through the API explorer. One way is through the origin/referrer in the headers. For obtaining header information see this question.
And,
- If the list of users is known, in the endpoints method raise
endpoints.UnauthorizedExceptionif the user (endpoints.get_current_user()) is not in the list.
Python sample code:
if self.request_state.headers.get('x-referer') == "https://apis-explorer.appspot.com" and endpoints.get_current_user() not in MY_LIST:
raise endpoints.UnauthorizedException('Not Authorized')
Upvotes: 1
Related Questions
- Cloud Endpoints, grant roles to API keys to restrict some methods/paths (e:g read/write roles)
- How to grant access to a defined set of endpoints to an api key
- Lock down Cloud Endpoints API Explorer to a specific Gmail account
- Make api explorer private
- Restrict GAE Endpoint access
- How do I restrict Google App Engine Endpoints API access to only my Android applications?
- Protect Google Cloud Endpoints API
- Disable API discovery for API Explorer
- Restrict Google App Engine Endpoints API access
- Limit access to google app engine endpoint method