Make API Explorer private

Is it possible to completely disable the API Explorer or restrict access to it?

I noticed some logs in my application that come from failed requests made from a browser. My API is only consumed by the Android app, so the only place they can come from is the API Explorer. Also, API access is limited to 1 website and 1 Android client ID.

+8
google-cloud-endpoints
3 answers

Unfortunately not. The API Explorer works by using the discovery service associated with your API, which is not really part of your backend, so you cannot specify auth or visibility for these URIs.

The list method from the discovery service is used to create a list of APIs in the application using your application as a base:

discovery.apis.list:

your-app-id.appspot.com/_ah/api/discovery/v1/apis

When someone clicks on one of the APIs from the list, the full discovery document for that apiName and apiVersion is retrieved using the getRest method from the discovery service:

discovery.apis.getRest:

your-app-id.appspot.com/_ah/api/discovery/v1/apis/{apiName}/{apiVersion}/rest

+4

If you’re looking for ways to prevent API execution, check out Cloud Endpoints: Control That APIs Can Perform Through API APIs

+1
Endpoints simplify authentication and you can get the current user. You should use auth to ensure that people do not mess with your private APIs - otherwise people could keep track of which post or receive requests you send, in any case - auth is always a good idea, not an attempt to keep your APIs.

If you are creating a secret product and you do not want your competitor to know, you can probably use some obfuscation method on the backend and on your client, which makes the APIs unreadable.

Also, user clutter with your APIs should not break your database - or if it does - it should only break it for the user who was stupid. Having the logic in your client to use APIs so that the backend is not broken is a bad idea - the backend APIs should take care of themselves and not worry about how and why they are used, and by whom for what purpose.

0
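
Since the discovery URLs cannot be hidden, the enforcement the answers point to has to live in the backend methods themselves. The sketch below is an added example, not code from any of the answers: `NotesApi`, `Note`, the in-memory map and both client ID strings are hypothetical placeholders, and it assumes the Endpoints Frameworks for Java annotations.

```java
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.config.Named;
import com.google.api.server.spi.response.ForbiddenException;
import com.google.api.server.spi.response.NotFoundException;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.appengine.api.users.User;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

@Api(
    name = "notes",
    version = "v1",
    // Only tokens issued to these OAuth clients are accepted.
    // Constant.API_EXPLORER_CLIENT_ID is deliberately not listed, so a
    // signed-in API Explorer session is treated as unauthenticated.
    clientIds = {NotesApi.WEB_CLIENT_ID, NotesApi.ANDROID_CLIENT_ID},
    // Android clients request tokens with the web client ID as audience.
    audiences = {NotesApi.WEB_CLIENT_ID})
public class NotesApi {
  // Placeholders: substitute the IDs from your own Cloud project.
  static final String WEB_CLIENT_ID = "WEB_CLIENT_ID_PLACEHOLDER";
  static final String ANDROID_CLIENT_ID = "ANDROID_CLIENT_ID_PLACEHOLDER";

  public static class Note {
    public String ownerEmail;
    public String text;
  }

  // Stand-in for the datastore (hypothetical): note id -> note.
  private static final Map<Long, Note> NOTES = new ConcurrentHashMap<>();

  @ApiMethod(name = "notes.get", path = "notes/{id}",
      httpMethod = ApiMethod.HttpMethod.GET)
  public Note get(@Named("id") Long id, User user)
      throws UnauthorizedException, ForbiddenException, NotFoundException {
    // The framework injects null when there is no valid token or the
    // token's client ID is not in clientIds; reject before touching data.
    if (user == null) {
      throw new UnauthorizedException("Sign-in required");
    }
    Note note = NOTES.get(id);
    if (note == null) {
      throw new NotFoundException("No such note");
    }
    // Authenticated is not authorized: scope every read to its owner.
    if (!user.getEmail().equals(note.ownerEmail)) {
      throw new ForbiddenException("Not your note");
    }
    return note;
  }
}
```

With this in place the methods still appear in the discovery document, but calls made from the API Explorer are answered with 401 instead of reaching application logic.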
