Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Make api explorer private

Tags:

google-cloud-endpoints

Is it possible to either turn off the api explorer completely or limit the access to it?

I noticed some logs in my app that come from failed requests executed from a browser. My api is only consumed by an Android app so the only place where they can come from is the api explorer. Also the api access is limited to 1 web and 1 android client id.

like image 473
Gabriel Ittner Avatar asked Mar 13 '13 10:03

Gabriel Ittner

People also ask

What is private API gateway?

API Gateway private endpoints are made possible via AWS PrivateLink interface VPC endpoints. Interface endpoints work by creating elastic network interfaces in subnets that you define inside your VPC. Those network interfaces then provide access to services running in other VPCs, or to AWS services such as API Gateway.

What is an example of a private API?

One example of a private API is Home-Cost, a home building cost calculator. Home-Cost is provided as a customized installation for each client. The API might be made available through a home building supply store, enabling customers to pick the supplies to complete their projects with running tallies of costs.

What is public API and private API?

An API provides a way for developers to access the functionality of an operating system, program or other service. Public APIs are open to anyone and can be used without restrictions. Private APIs are only accessible by authorized users and may be subject to usage restrictions.

2 Answers

Unfortunately no. The API explorer works by using the Discovery Service associated with your API, which is not actually part of your backend, so you can't specify auth or visibility for those URIs.

The list method from the Discovery service is used to generate the list on the APIs Explorer app using your app as base:

discovery.apis.list:

your-app-id.appspot.com/_ah/api/discovery/v1/apis

When someone clicks one of the APIs from the list, the full discovery document is retrieved for that apiName and apiVersion using the getRest method from the Discovery service:

discovery.apis.getRest:

your-app-id.appspot.com/_ah/api/discovery/v1/apis/{apiName}/{apiVersion}/rest

like image 154
bossylobster Avatar answered Sep 24 '22 01:09

bossylobster

If you are looking for ways to prevent the executing of the API, check out Cloud Endpoints: Control who can execute API through API Explorer

like image 30
sam Avatar answered Sep 21 '22 01:09

sam
Sign in to Comment

Related questions

Cloud Endpoints HTTP Cookies
combining blob servlet with endpoint api
Google App Engine: Endpoints authentication with ID and password
Cannot import google cloud endpoints client library class in Android project
Recover deleted Google Public API Key
Creating topic on pubsub emulator
How to upgrade appengine-java-sdk installed in .gradle folder
ESPv2 with Google Cloud Functions upstream request timeout
IP Address of Google App engine application
Google app engine nullpointerexception when trying to fetch list instead of searching by primary key
cant delete pod using kubctl delete pod <pod>
appengine endpoint Failed to retrieve API configs with status: 500
Android + App engine: user.getUserID() is null in endpoint
CSRF on GAE Endpoints with oAuth
Integrate firebase auth with google app engine cloud endpoints

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!