google-cloud-platformgoogle-cloud-functionsgoogle-cloud-api-gateway

GCP API Gateway route returns Google Sign-In page instead of expected response

While following the documentation for setting up GCP's API Gateway, I run into an issue that when I make a call to the endpoint, like so:

curl --request POST 'https://my-dev-project-XXX.wl.gateway.dev/helloWorld?key=XXX'

it returns an HTML page to authenticate with a Google Sign-in rather than the appropriate response of: "Hello World!"

Problem with function name?

I know the Cloud Function helloWorld exists, because if I change the cURL request above to be something like:

curl --request POST 'https://my-dev-project-XXX.wl.gateway.dev/helloWorldButChangeTheName?key=XXX'

it returns:

{"message":"The current request is not defined by this API.","code":404}

Problem with API Key?

I know the API key is valid because if I change it to YYY, I get:

{"code":400,"message":"INVALID_ARGUMENT:API key not valid. Please pass a valid API key."}

Problem with Request Method?

I know the Request method of POST is correct because if I change it to GET, it returns:

{"message":"The current request is matched to the defined url template \"/helloWorld\" but its http method is not allowed","code":405}

Problems with authorization?

There are a few similar StackOverflow resolved issues with Cloud Functions generally [1] and [2]; however, this isn't the same issue. I know this because I have made the actual Cloud Function publicly accessible without requiring authorization. So if I call:

curl --request POST 'https://us-west2-my-dev-project.cloudfunctions.net/helloWorld'

I get back "Hello World!".

Problems with Service account roles?

Following the documentation for configuring a service account for the gateway, I made sure to set the two roles:

I'm not certain what it looks like if I don't have these set correctly (as I found the answer before reaching the conclusion that something could be wrong here), but these settings should be sufficient.

API Config File

The only "significant" difference I have different from the documented tutorial is my config file, which is:

swagger: '2.0'
info:
  title: XXX
  description: Sample API on API Gateway with a Google Cloud Functions backend
  version: 1.0.0
schemes:
  - https
produces:
  - application/json
paths:
  # different name than tutorial
  /helloWorld:
    post:
      summary: Greet a user
      # different id than tutorial
      operationId: helloWorld
      x-google-backend:
        # different endpoint than tutorial
        address: https://us-central1-my-prod-project.cloudfunctions.net/helloWorld
      security:
        - api_key: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string
securityDefinitions:
  api_key:
    type: apiKey
    name: key
    in: query
Solution

  • The Google Sign-in screen caused a lot of confusion here as the issue doesn't seem one that would produce such a result. You'd think it'd be an issue with authentication, but it's not. Instead, there are two issues with the API Config File, both regarding the address:

    1. The region is different than the Cloud Function's. The Cloud Function is deployed on us-west2 whereas the API Config file has it set to us-central1 (what is shown in the documentation).
    2. The project ID is different than the Cloud Function's. The Cloud Function has the ID of my-dev-project whereas the API Config file has it set to my-prod-project. This is because I have two different environments I was trying this out on and messed it up.

    I imagine other subtle issues with the API Config file may cause the response to be the Google Sign-in page as well so if my two points above didn't solve your issue, look for other differences, such as the path names and operationId.