Securing HTTP cloud function

Question

I have followed this tutorial to create a publicly accessible HTTP cloud function. I want to secure this, ideally with a simple API Key - is this possible?

The documentation on securing doesn't seem to cover how to restrict the behaviour, although mentions that you can...

Answer 1

I want to secure this, ideally with a simple API Key - is this possible?

Yes, securing an HTTP function is possible, however, API keys aren't as secure as the other authentication methods.

Nevertheless, if you prefer to secure your function using the API keys, you'll need to deploy a Cloud Endpoints proxy and configure your securityDefinitions to enable API key validation.

The documentation on securing doesn't seem to cover how to restrict the behaviour

By default, any user or service can invoke an HTTP function. However, you can configure Cloud Identity and Access Management (IAM) on your HTTP function to restrict this behavior. By doing that, you can enable your HTTP function to be invoked only when authentication credentials are provided in the request.

As the mentioned documentation states, you can go to the Google Cloud Platform Console and move to Cloud Functions from the Console menu. There, you will see the functions that you have in your project:

• In the top right corner, you will see a field “Show Info Panel” - please select it. After selecting the appropriate function, you will be able to see there the Permissions tab.
• By using the “Add members” field, you will be able to enter one or more identities that need access to your function. Once you select a role from the drop-down menu, you’ll be able to add a new member.

The same article also explains how to remove the existing members from function’s permissions.

Here you can find more information on access control for users along with available roles.