google-cloud-platformgoogle-cloud-endpointsapi-key

Google cloud endpoints API key is not verified

I'm now developing REST API with Cloud endpoints and App engine. I will like to implement api key authentication but it does not work.

Looks good without query params of 'key=${API KEY}'.

# curl -X POST https://hogehoge.com/test -d '{"key":"value"}'
{
 "code": 16,
 "message": "Method doesn't allow unregistered callers (callers without established identity). Please use API Key or other form of API consumer identity to call this API.",
 "details": [
  {
   "@type": "type.googleapis.com/google.rpc.DebugInfo",
   "stackEntries": [],
   "detail": "service_control"
  }
 ]
}

But any key can be granted to access to the backend.

# curl -X POST https://hogehoge.com/test?key=aaa -d '{"key":"value"}'
POST is sended.

Of course, API key generated via API management will work.

# curl -X POST https://hogehoge.com/test?key=${realkey} -d '{"key":"value"}'
POST is sended.

Cloud endpoint file definition is

swagger: "2.0"
info:
  title: "xxxxxxxxx"
  description: "xxxxxxxxx"
  version: "1.0.0"
host: "hogehoge.com"
schemes:
  - "https"
security: []
paths:
  "/test":
    post:
      description: "test"
      operationId: "test"
      security:
        - api_key: []
      parameters:
        - name: body
          in: body
          required: true
          schema:
            $ref: '#/definitions/testRequest'
      responses:
        201:
          description: "Success"
          schema:
            $ref: '#/definitions/testResponse'
definitions:
  testRequest:
    type: object
    required:
      - data
    properties:
      data:
        type: object
        required:
          - key
        properties:
          token:
            type: string
            example: value
            maxLength: 20
  testResponse:
    type: string

securityDefinitions:
  api_key:
    type: "apiKey"
    name: "key"
    in: "query"

What I expect is only key generated via API management will be granted to access. Let me know how to solve this issue.

Thanks.

Solution

  • It seems that the Service Control API might not be enabled on your project.

    In order to check that, you can run

    gcloud services list --enabled --project your-gcloud-project-name

    If servicecontrol.googleapis.com is not listed in the result of the previous command, you should run

    gcloud services enable servicecontrol.googleapis.com --project your-gcloud-project-name

    Furthermore, you could check that you have all the required services for Endpoints enabled. You can see how to do this in the documentation