Generate API Key for External API User?

[Ken Corbett]

Hello,

Will it ever be possible with API Gateway to generate an API Key for an end user of the API that was automatically restricted to only use this one API?

API Gateway looks really cool and I would love to be able to have the gateway track how much a given API key is being used and be able to limit / disable a given API key if it started to be abused.  But I also don't want to have to manually set up the API key in the cloud console for every customer that would like to utilize our API. I understand that they could enable the API in their own Google Cloud account and then generate their own key but many of my customer's don't have a google cloud account and I really don't want to have to walk them through setting up all that that.  I really just want to be able to call something from my cloud function to generate / create an API key for them that is automatically restricted just to the API I am publishing through API gateway.  Will that ever be possible?

Ken Corbett

Lead Developer

Inventory Shield

[Chris Latimer]

Hi Ken,

I agree the current capabilities in this area are less-than-ideal. We do have plans to improve this post-GA, unfortunately we have quite a bit of work to complete before we will be able to prioritize this. While I don't have an exact timeline for you, it will be H2 2021 at the earliest before I expect to have this capability in the product. 

As a work around, the best option we have today is to follow a project-per-key model. This still has the consequence that you have to manually create an API key (although an API Key API is currently in alpha) but you can track API traffic per project and you can disable a key that is abusing your API. It's not perfect, but it could potentially be a viable short term solution until we implement the capabilities you described as first class features in API Gateway.

Thanks,

Chris

--
You received this message because you are subscribed to the Google Groups "api-gateway-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-gateway-us...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/api-gateway-users/caf31337-5c92-43c6-96df-cca24479daa9n%40googlegroups.com.

--

Chris Latimer |

Product Manager, API Management |

clat...@google.com |

1-614-596-8090

[Md Shafiqul Islam]

At present, as the documentation [1], Google Cloud platform recommends to use cloud console to manage API keys. 

I am also having one public issue tracker [2] about the issue.  As the product engineering team working on the issue, you can also send any updates or questions to them writing here [2]. Thanks for your patience and understanding.

[1] https://cloud.google.com/docs/authentication/api-keys#managing_api_keys

[2] https://issuetracker.google.com/116182848

[Pasha Seliverstov]

Hi Chris,

I followed the instructions in https://cloud.google.com/api-gateway/docs/quickstart, but got the next error. Could you please help to understand the reason for the next error:

{

    "code": 403,

    "message": "PERMISSION_DENIED:API xxxxxxxxxxxxxxxx.cloud.goog is not enabled for the project."

}

Best regards,

Pasha

[Chris Latimer]

Hi Pasha,

You need to go to the API dashboard then click on "Enable APIs and Services":

From there, you can search for your API, it will use the 'title' value that you had in your OpenAPI spec. Once you find it, enable the API and that should resolve the problem. Alternatively, I believe you can also just use gcloud to enable the service using:

gcloud services enable xxxxxxxxxxxxxxxx.cloud.goog

Thanks,

Chris

To view this discussion on the web visit https://groups.google.com/d/msgid/api-gateway-users/b8e2fe6c-6687-48fd-904d-0bfa39044b31n%40googlegroups.com.

[Pasha Seliverstov]

Hi Chris,

Thank you. The command line call  "gcloud services enable xxxxxxxxxxxxxxxx.cloud.goog"  does not enable API. But it was possible to enable API via the dashboard.

Best regards,

Pasha 

[James Douitsis]

Has there been any updates on this regarding the original question (Generate API Key for External API User) ?