Google Cloud Pub/Sub - Endpoints config to publish with just an Api Key

Question

I need to publish messages to Google Cloud Pub/Sub without using OAuth or the Google SDK, but an Api Key instead (Similar to "how to publish to pub/sub with just an api key").

There is a guide on medium on how to secure Push Subscriptions, but I could not figure out how to configure Endpoints in a way so I can send a pub/sub publish request with just an api key.

Could you please share a matching example Endpoints configuration (yaml file)?

Answer 1

The article you are referring to in your post is about how to secure the destination endpoint (Calling from Pub/Sub using the push subscription), not how to secure Pub/Sub itself from HTTP Request.

If you have the need to Call Pub/Sub without use OAuth (using API Key instead) unfortunately is not out of the box and you need to implement some pieces.

Referring to the official documentation: https://cloud.google.com/pubsub/docs/authentication "Cloud Pub/Sub does not support API keys as an authentication method."

If you want to achieve this goal:

You need to create a Backend in front of Pub/Sub, put Cloud Endpoints (With an ESP https://cloud.google.com/endpoints/docs/openapi/deploy-api-backend) in front of the Backend with API Key security configured in the openapi.yaml and from the Backend make a call to Pub/Sub.

HTTP Request -> Cloud Endpoint (ESP in Compute Engine, App Engine, GKE, etc) -> Backend (Compute Engine, App Engine, GKE, etc) -> Pub/Sub

You can review the documentation of Cloud Endpoints (https://cloud.google.com/endpoints/docs) if you need more information about how to make the implementation.