Cloud Endpoints: control who can execute the API through the API Explorer

Anyone who successfully authenticates through a Google account will be able to execute the API through the API.

I would like to restrict the ability to execute the API through the API only to some users. But at the same time, the API is available to all users of my Android and iOS applications.

Security, at least for Android applications, is facilitated by the Android client ID and SHA fingerprint. So the scope here is to NOT include application access protection.

google-cloud-endpoints
1 answer
  1. Determine that the request comes through the API Explorer. One way is through the source / referrer in the headers. For header information, see this question.

and

  2. If the list of users is known, raise endpoints.UnauthorizedException in the endpoints method if the user (endpoints.get_current_user()) is not in the list.

Python example code:

    if (self.request_state.headers.get('x-referer') == "https://apis-explorer.appspot.com"
            and endpoints.get_current_user() not in MY_LIST):
        raise endpoints.UnauthorizedException('Not Authorized')
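The check from the answer above, as an added example that is not part of the original answer and is not Cloud Endpoints code: a framework-free function so the decision can be unit-tested outside an Endpoints method. `Unauthorized`, `ALLOWED_EXPLORER_USERS` and the function names are hypothetical stand-ins, and the sample addresses are constructed. The header is supplied by the client, so here it only selects which policy applies; the allowlist on the authenticated account is the actual control.

```python
# Added example: stand-in for the check inside an Endpoints method.
# EXPLORER_ORIGIN and the 'x-referer' header name come from the answer;
# everything else (names, sample addresses) is hypothetical/constructed.

EXPLORER_ORIGIN = "https://apis-explorer.appspot.com"
ALLOWED_EXPLORER_USERS = {"alice@example.com", "bob@example.com"}  # constructed


class Unauthorized(Exception):
    """Stand-in for endpoints.UnauthorizedException."""


def came_from_explorer(headers):
    """True when the request's x-referer names the API Explorer origin."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    value = (lowered.get("x-referer") or "").strip().rstrip("/")
    # Tolerating case and a trailing slash (an assumption, the answer uses
    # exact equality) classifies more requests as Explorer, which is the
    # stricter outcome.
    return value.lower() == EXPLORER_ORIGIN


def check_explorer_access(headers, user_email, allowed=ALLOWED_EXPLORER_USERS):
    """Return 'app' or 'explorer'; raise Unauthorized for unlisted Explorer users.

    user_email is the authenticated account, i.e. what
    endpoints.get_current_user().email() would supply, or None when the
    request carries no valid credentials.
    """
    if not came_from_explorer(headers):
        # Mobile-app traffic: left to the client-ID / SHA fingerprint checks
        # the question describes as out of scope.
        return "app"
    if user_email is None:
        raise Unauthorized("Not Authorized")
    if user_email.strip().lower() not in {e.lower() for e in allowed}:
        raise Unauthorized("Not Authorized")
    return "explorer"
```
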
