GCP/Stackdriver: Uptime Checks for an authenticated API

Question

So I am working on a backend service which is consumed by other backend services. The consumers need to acquire an authentication token before they can call our API. Now, I want to make periodic requests to dummy products (on live, deployed instances) to observe if everything is working fine.

Is that possible with uptime checks? It seems they only support Basic Authentication, you cannot execute actual code (to retrieve tokens or generate random request identifiers) before execution. Right?

I see there is the option to create uptime checks by code https://cloud.google.com/monitoring/uptime-checks/#node.js but since await client.createUptimeCheckConfig(request) uses static config (request object), I guess you cannot inject functions there?

Can I use any other tool in GCP for what I want or do I need to deploy a middleman service (or function) to forward the uptime checks?

Answer 1

The uptime checks do allow you to provide custom headers (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.uptimeCheckConfigs#HttpCheck) so you could use that if you have a hardcoded token that you are able to pass in to your API via headers.

If that is not an option you can spin up an instance of a webserver with routes that perform the custom logic you need. Then, setup the uptime checks to ping your webserver as needed. If you need additional security on your webserver you have a few options:

1. Restrict access to the webserver by setting up HTTP Basic Authentication. The uptime support basic authentication so you would just provide the values your server requires.
2. Restrict your server to only accept connections from the IP Addresses that Google uses for uptime checks ( https://cloud.google.com/monitoring/uptime-checks/using-uptime-checks#get-ips ). Note that these are dynamic and would require some automated process for keeping the list up to date.