How to use Cloud Endpoint in GCP

 

What is Cloud Endpoint in GCP

Cloud Endpoint is  a API management offering from GCP (Google Cloud Platform). It is a tool which give help at every step of API management right from development, deployment, exposing API, insights, monitoring, tracing and logging. It’s an NGINX based proxy available on top of your application which provides performance, scalability and security .

Below are some of the major of cloud endpoint.

Advantage of cloud endpoint

  • API protection: You can control authentication with each API access without modifying any business logic. You can not only authenticate the API but can also authorize the each request even at function level (that’s too without modifying core business logic)
  • Speed: Available for all GCP computing offering (App engine, compute engine and kubernates engine) with super speed.
  • World class monitoring: With Cloud endpoint you will automatically get world class monitoring with stackdriver.
  • Any language for API development: You can create your API in any language even for Java and Python they have provided API framework as well but even beyond that you can opt any programming language and use Open API specification to deploy your containerize proxy.
  • Development support: You can add new feature or rollout existing feature in API with the help of compute offering from GCP.
  • Open API specification support: Cloud endpoint supports open API specification which means your APIs will followed by global standard.

Benefits of using Open API specification

This will give following benefits

  • Help cloud endpoint to create proxy
  • You can expose API with Open API specification to anyone
  • Use security over API
  • Use access scope through it

Which GCP compute offering can be used to deploy cloud endpoint

You can deploy API backend code on any of the three offering from  GCP (earlier it was a part of App Engine only)

  • Compute Engine
  • App Engine
  • Kubernates Engine

Deploying basic Cloud Endpoint

In this article, I will explain how exactly we can deploy a cloud Endpoint. In order to create a cloud endpoint deployment you need three things:

Generating new OpenAPI document

Depending on your selected language to use, you may generate an OpenAPI document. In Java, there are open source projects for both Jersey and Spring, it can generate an OpenAPI document from annotations. Apart from that there is also a Maven plugin. Even for Python users, flask-swagger may be an option, and swagger-node-express for Node based projects.

Steps by steps guide to cloud endpoint deployment on App Engine

  1. Modify host in openapi-appengine.yaml
  2. Go to Google Cloud SDK and run command
     gcloud endpoints services deploy openapi-appengine.yaml 
  3. Update app.yaml with service_name and run command
    gcloud app deploy

 

You can get the Service name by running the command

gcloud endpoints configs list –service=–HOST_UNDER_openapi-appegnine.yaml—

 

  1. Login to Cloud console Go to API & Services and click on credentials, get API key from there
  2. Run phpendpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY
  3. You are done you can go to GCP>> endpoints >> services. You will see the endpoint service now

 

Authenticating API using cloud Endpoint

It’s the beauty of cloud endpoint is that you can authenticate API without modifying  core business logic. There are 3 types of authentication type we can add with cloud endpoint.

  1. API Key : Under our step by step deployment guide above we have mentioned the steps. We need to get API key and use this API key while making API request (see above).
  2. Service account- (You need API key + service account json both for this). In order to achieve this we need to add couple of line on openapi.yaml file

google_jwt:

          # Update this with your service account's email address.

x-google-jwks_uri: <a href="https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL">https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL</a>

Now run the command again for app engine

 gcloud app deploy 

Then to call it we need to use the json file like

Now you can use the JWT client to make requests to the API:

 phpendpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY /path/to/service-account.json

 

  1. JWT (Json Web token)- Custom authentication. This is mostly used for server-to-server communication. Here any third party can issue the token and you can use token every time you are making a request on the server. Its like SSO feature. You can use Oauth as well for generating tokens for your app.

 

Related posts:

The following two tabs change content below.

Chandra Shekhar

GCP Architect
Chandra Shekhar Pandey is Google certified Cloud engineer, I am Magento2 Trained developer. Having huge experience in designing cloud solution. I have around 12 years of experience with world enterprise IT companies and fortune 500 clients. During my architecture design I am always caring about high availability, fast performance and resilient system. From the programmer background I have huge experience in LAMP stack as well. Throughout my carrier I have worked on Retail, E-Learning, Video... Read More about Chandra Shekhar

Latest posts by Chandra Shekhar (see all)