Reputation: 3587
GCP Endpoint "Try this API" authorization URL
I am trying to configure the "Try this API" feature in GCP Endpoint using a service account as authentication. I am using this documentation: https://cloud.google.com/endpoints/docs/openapi/authenticating-users-custom
I have configured endpoint securityDefinitions as stated below.
securityDefinitions:
google_service_account_dev:
authorizationUrl: ""
flow: "implicit"
type: "oauth2"
x-google-issuer: "[...]@appspot.gserviceaccount.com"
x-google-jwks_uri: "https://www.googleapis.com/robot/v1/metadata/x509/[...]@appspot.gserviceaccount.com"
x-google-audiences: "[...].appspot.com"
In the developer portal there is a message:
"Try this API" is disabled for users on this page for the following reasons:
"Try this API" requires an authorization URL to be specified in the API spec for the "google_service_account_dev" security requirement.
In documentation "authorizationUrl" component is empty, so documentation is buggy.
How it should be configured to allow to use "Try this API" feature?
EDIT:
I tried to follow this documentation: https://cloud.google.com/endpoints/docs/openapi/dev-portal-explore-api
It seems out of date. According to the document in the Portal settings there should be APIs Explorer Settings section, but it is not present. Any idea where I should paste the API Key?
Upvotes: 5
Views: 759
Answers (2)
Reputation: 204
I've encountered the same issue, I just found out that the actual oauth flow works behind upon trying with Postman and passing correct bearer token despite issues in Developer Portal UI. Just leave authorizationUrl and scopes blank/empty on your config.
The only challenge here on how to bypass this oauth on the Developer Portal side.
Upvotes: 0
Reputation: 99
I've spend a lot of time too to make the "Try this API" feature available on our GCP API Endpoints Portal (not public). And after a couple of month to struggling with that, yesterday I found my answer on the GCP API management doc limitations. And as it's well specified :
The Endpoints service must be publicly accessible in order to use the Try this API panel. Requests will fail if other authentication (such as IAP) is configured on the Endpoints service.
So.. I've deactivate it cause our API must be authenticated. :/ Sorry for this bad news, but I hope at least that will not waste your time with that.
Upvotes: 1
Related Questions
- GCP REST API authentication missing
- GCP API Gateway to Cloud Functions default service account authentication: "Your client does not have permission to the requested URL""
- GCP IAM REST API Service account key issue
- Google Cloud Endpoints pass API key in header
- Google Cloud Endpoint 403 Exception
- Authorizing REST API calls to GCP
- Authorization in Google Cloud Endpoints for external clients
- GCP: ERROR: (gcloud.services.enable) PERMISSION_DENIED: The caller does not have permission when enabling API
- GCP endpoints: The caller does not have permission after requesting API key in query
- Google Cloud Endpoint not recognizing my API