How to use Cloud Endpoint in GCP
What is Cloud Endpoint in GCP
Cloud Endpoint is an API management offering from GCP (Google Cloud Platform). It helps at every step of API management: development, deployment, exposing the API, insights, monitoring, tracing and logging. It is an NGINX-based proxy that sits on top of your application and provides performance, scalability and security.
Below are some of the major advantages of Cloud Endpoint.
Advantage of cloud endpoint
- API protection: You can control authentication for each API access without modifying any business logic. Besides authenticating the API, you can also authorize each request, even at function level (again without modifying core business logic).
- Speed: Available for all GCP compute offerings (App Engine, Compute Engine and Kubernetes Engine) with super speed.
- World-class monitoring: With Cloud Endpoint you automatically get world-class monitoring with Stackdriver.
- Any language for API development: You can create your API in any language. For Java and Python an API framework is provided, but beyond that you can pick any programming language and use the OpenAPI specification to deploy your containerized proxy.
- Development support: You can add a new feature or roll out an existing feature in the API with the help of the compute offerings from GCP.
- OpenAPI specification support: Cloud Endpoint supports the OpenAPI specification, which means your APIs will follow a global standard.
Benefits of using the OpenAPI specification
It gives the following benefits:
- Helps Cloud Endpoint create the proxy
- You can expose the API with the OpenAPI specification to anyone
- Apply security to the API
- Define access scopes through it
Which GCP compute offerings can be used to deploy Cloud Endpoint
You can deploy the API backend code on any of the three offerings from GCP (earlier it was part of App Engine only):
- Compute Engine
- App Engine
- Kubernetes Engine
Deploying basic Cloud Endpoint
In this article, I will explain how exactly we can deploy a Cloud Endpoint. To create a Cloud Endpoint deployment you need three things:
- openapi.yaml: For now we will analyze https://github.com/GoogleCloudPlatform/php-docs-samples/blob/master/endpoints/getting-started/openapi-appengine.yaml. But
- API backend code: For this article we will take an example code base from https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/endpoints/getting-started
- app.yaml: Needed if you deploy your backend on App Engine. For Kubernetes, click here. For now we are taking https://github.com/GoogleCloudPlatform/php-docs-samples/blob/master/endpoints/getting-started/app.yaml as the reference
Generating new OpenAPI document
Depending on the language you use, you may be able to generate the OpenAPI document. In Java, there are open source projects for both Jersey and Spring that can generate an OpenAPI document from annotations, and there is also a Maven plugin. For Python users, flask-swagger may be an option, and swagger-node-express for Node-based projects.
Step-by-step guide to Cloud Endpoint deployment on App Engine
- Modify host in openapi-appengine.yaml
- Go to the Google Cloud SDK and run the command
gcloud endpoints services deploy openapi-appengine.yaml
- Update app.yaml with the service_name and run the command
gcloud app deploy
You can get the service name by running the command
gcloud endpoints configs list --service=HOST_UNDER_openapi-appengine.yaml
- Log in to the Cloud console, go to API & Services, click on Credentials and get the API key from there
- Run php endpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY
- You are done. Go to GCP >> Endpoints >> Services and you will see the endpoint service.
Authenticating an API using Cloud Endpoint
The beauty of Cloud Endpoint is that you can authenticate the API without modifying core business logic. There are 3 types of authentication we can add with Cloud Endpoint.
- API key: The step-by-step deployment guide above covers this. We need to get an API key and use it while making the API request (see above).
- Service account (you need both the API key and the service account JSON for this): To achieve this we need to add a couple of lines to the openapi.yaml file
google_jwt:
  # Update this with your service account's email address.
  x-google-jwks_uri: https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL
Now run the command again for App Engine
gcloud app deploy
Then, to call it, we need to use the JSON file. Now you can use the JWT client to make requests to the API:
php endpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY /path/to/service-account.json
- JWT (JSON Web Token): Custom authentication. This is mostly used for server-to-server communication. Here any third party can issue the token, and you use the token every time you make a request to the server. It is like an SSO feature. You can use OAuth as well for generating tokens for your app.
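Which of these authentication types applies to which operation is decided by the security and securityDefinitions keys of the OpenAPI document. The following is an added example, not code from this article or from the Google sample: it audits a constructed Swagger 2.0 document (written as the Python dict the YAML would parse to) and reports, under the OpenAPI 2.0 rules, which operations require which scheme and which are left open. The paths, operation ids and placeholder values are assumptions, and x-google-issuer is an Endpoints extension that the fragment above does not show.

```python
# Constructed sample spec; host, paths and the service-account email are placeholders.
SPEC = {
    "swagger": "2.0",
    "host": "YOUR-PROJECT-ID.appspot.com",
    "securityDefinitions": {
        "api_key": {"type": "apiKey", "name": "key", "in": "query"},
        "google_jwt": {
            "type": "oauth2", "flow": "implicit", "authorizationUrl": "",
            "x-google-issuer": "YOUR-SERVICE-ACCOUNT-EMAIL",
            "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL",
        },
    },
    "security": [{"api_key": []}],  # document-wide default
    "paths": {
        "/echo": {"post": {"operationId": "echo"}},  # inherits the default
        "/auth/info": {"get": {"operationId": "authInfo",
                               "security": [{"api_key": [], "google_jwt": []}]}},
        "/status": {"get": {"operationId": "status", "security": []}},  # override: open
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def audit(spec):
    """Map "METHOD /path" to a list of alternatives; each alternative is the sorted
    list of schemes that must all be satisfied. An empty list means no auth."""
    defined = set(spec.get("securityDefinitions", {}))
    default = spec.get("security", [])
    report = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level "parameters" and vendor extensions
            # An operation-level "security" key, even an empty list, replaces the default.
            reqs = op["security"] if "security" in op else default
            unknown = {s for r in reqs for s in r} - defined
            if unknown:
                raise ValueError(f"{method.upper()} {path}: undefined scheme {sorted(unknown)}")
            report[f"{method.upper()} {path}"] = [sorted(r) for r in reqs]
    return report

def unauthenticated(spec):
    """Operations the document leaves reachable with no credential at all."""
    return sorted(op for op, reqs in audit(spec).items() if not reqs or [] in reqs)

if __name__ == "__main__":
    for op, reqs in audit(SPEC).items():
        print(op, "->", reqs or "NO AUTH")
```

Running the same audit on the real document before gcloud endpoints services deploy catches an operation whose security override silently drops the document-wide API key requirement.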