How to use Cloud Endpoint in GCP

Cloud Endpoint is  a API management offering from GCP (Google Cloud Platform). It is a tool which give help at every step of API management right from development, deployment, exposing API, insights, monitoring, tracing and logging. It’s an NGINX based proxy available on top of your application which provides performance, scalability and security .

Below are some of the major of cloud endpoint.

Advantage of cloud endpoint

• API protection: You can control authentication with each API access without modifying any business logic. You can not only authenticate the API but can also authorize the each request even at function level (that’s too without modifying core business logic)
• Speed: Available for all GCP computing offering (App engine, compute engine and kubernates engine) with super speed.
• World class monitoring: With Cloud endpoint you will automatically get world class monitoring with stackdriver.
• Any language for API development: You can create your API in any language even for Java and Python they have provided API framework as well but even beyond that you can opt any programming language and use Open API specification to deploy your containerize proxy.
• Development support: You can add new feature or rollout existing feature in API with the help of compute offering from GCP.
• Open API specification support: Cloud endpoint supports open API specification which means your APIs will followed by global standard.

This will give following benefits

• Help cloud endpoint to create proxy
• You can expose API with Open API specification to anyone
• Use security over API
• Use access scope through it

You can deploy API backend code on any of the three offering from  GCP (earlier it was a part of App Engine only)

• Compute Engine
• App Engine
• Kubernates Engine

In this article, I will explain how exactly we can deploy a cloud Endpoint. In order to create a cloud endpoint deployment you need three things:

• yaml: For now we will analyze https://github.com/GoogleCloudPlatform/php-docs-samples/blob/master/endpoints/getting-started/openapi-appengine.yaml. But
• API backend code: For this article we will take an example code base from https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/endpoints/getting-started
• yaml: If you need to deploy your backend on app engine. For kubernates Click Here. For now we are taking reference of https://github.com/GoogleCloudPlatform/php-docs-samples/blob/master/endpoints/getting-started/app.yaml

Depending on your selected language to use, you may generate an OpenAPI document. In Java, there are open source projects for both Jersey and Spring, it can generate an OpenAPI document from annotations. Apart from that there is also a Maven plugin. Even for Python users, flask-swagger may be an option, and swagger-node-express for Node based projects.

1. Modify host in openapi-appengine.yaml
2. Go to Google Cloud SDK and run command

    gcloud endpoints services deploy openapi-appengine.yaml 

3. Update app.yaml with service_name and run command

   gcloud app deploy

You can get the Service name by running the command

gcloud endpoints configs list –service=–HOST_UNDER_openapi-appegnine.yaml—

4. Login to Cloud console Go to API & Services and click on credentials, get API key from there
5. Run phpendpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY
6. You are done you can go to GCP>> endpoints >> services. You will see the endpoint service now

It’s the beauty of cloud endpoint is that you can authenticate API without modifying  core business logic. There are 3 types of authentication type we can add with cloud endpoint.

1. API Key : Under our step by step deployment guide above we have mentioned the steps. We need to get API key and use this API key while making API request (see above).
2. Service account– (You need API key + service account json both for this). In order to achieve this we need to add couple of line on openapi.yaml file

google_jwt:

          # Update this with your service account's email address.

x-google-jwks_uri: <a href="https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL">https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL</a>

Now run the command again for app engine

 gcloud app deploy 

Then to call it we need to use the json file like

Now you can use the JWT client to make requests to the API:

 phpendpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY /path/to/service-account.json

3. JWT (Json Web token)- Custom authentication. This is mostly used for server-to-server communication. Here any third party can issue the token and you can use token every time you are making a request on the server. Its like SSO feature. You can use Oauth as well for generating tokens for your app.

The following two tabs change content below.

• Bio
• Latest Posts

Chandra Shekhar

GCP Architect

Chandra Shekhar Pandey is Google certified Cloud engineer, I am Magento2 Trained developer. Having huge experience in designing cloud solution. I have around 12 years of experience with world enterprise IT companies and fortune 500 clients. During my architecture design I am always caring about high availability, fast performance and resilient system. From the programmer background I have huge experience in LAMP stack as well. Throughout my carrier I have worked on Retail, E-Learning, Video Conferencing and social media domain. The motive of creating cutehits was just to share the knowledge/solutions I get to know during my day to day life so that if possible I can help someone for same problems/solutions. CuteHits.com is a really a very effort for sharing knowledge to rest of the world. For any query/suggestion about same you can contact me on below details:- Email: shekharmca2005 at gmail.com Phone: +91-9560201363

Latest posts by Chandra Shekhar (see all)

• Best practices for micro service design - January 23, 2022
• Spring Boot - January 23, 2022
• Java - January 23, 2022