Endpoints for Cloud Functions with ESPv2 and API key authentication

[נתנאל שטרן‎]

Hi, I have followed this tutorial about Endpoints for Cloud Functions with ESPv2, and I tried to use an API key authentication method.

The backend function (Cloud Function) I used is the quick start function (hello_get).

Based on the instructions, I set the security properties in the open api file as:

security:

  - api_key: []

securityDefinitions:

  api_key:

    type: "apiKey"

    name: "key"

    in: "query"

except the fact that my developers portal ask me to provide an api key, i was able to call the function without the key.

The function is allow to called unauthenticated.

I tried to play with the security settings in the open api file but without any results

[Jilin Xia]

Check this example:   https://github.com/GoogleCloudPlatform/esp-v2/blob/master/examples/service_control/openapi_swagger.json

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/2cad99ac-183d-4451-8fb9-f76158c36240n%40googlegroups.com.

--

Jilin Xia jili...@google.com Senior Software Engineer

[Xuyang(Jason) Tao]

Hi,

Do you mind sending the OpenAPI file to us if possible? (privately) We can quickly help you check. 

Aslo, if you open the `Logging` -> add your service name under `Produced API` , you can see the access log and you can check the `api_key_status`.

‪On Tue, Sep 29, 2020 at 4:32 AM ‫נתנאל שטרן‬‎ <nste...@gmail.com> wrote:‬

--

You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/2cad99ac-183d-4451-8fb9-f76158c36240n%40googlegroups.com.

--

Xuyang(Jason) Tao tao...@google.com Service Infrastructure Software Engineer

[tao...@google.com]

Hi,

You are setting apiKey globally. Please note apiKey setting is at API level not global level. Wrong apiKey will make API exposed without apiKey protection.

[tao...@google.com]

Hi, 

Just to correct the apiKey setting part I mentioned before, though you may have solved this issue. The apiKey can be configed globally.