I have created an app and some REST API on Google Appengine and deployed it to
我在Google Appengine上创建了一个应用程序和一些REST API并将其部署到
www.my-appspot-id.appspot.com
www.my-appspot-id.appspot.com
I'm using Google Datastore to store my data and have created API's to access that data. However, i can access my API directly also using www.my-appspot-id.appspot.com/_ah/api/explorer which means anyone can access them and can manipulate the data which i don't want.
我正在使用Google Datastore存储我的数据,并创建了API来访问该数据。但是,我也可以使用www.my-appspot-id.appspot.com/_ah/api/explorer直接访问我的API,这意味着任何人都可以访问它们并可以操作我不想要的数据。
How to restrict access so that nobody but some particular registered set of users can only use it?
如何限制访问,以便只有一些特定注册用户可以使用它?
3 个解决方案
#2
0
I think you need to authenticate your endpoints and authorize only some client id. OAuth 2 authentication : https://developers.google.com/appengine/docs/python/endpoints/getstarted/backend/auth Allowed client ids and audience : https://developers.google.com/appengine/docs/python/endpoints/create_api#allowed_client_ids_and_audiences
我认为您需要对端点进行身份验证并仅授权一些客户端ID。 OAuth 2身份验证:https://developers.google.com/appengine/docs/python/endpoints/getstarted/backend/auth允许的客户ID和受众:https://developers.google.com/appengine/docs/python/endpoints / create_api#allowed_client_ids_and_audiences
#3
0
To answer your question : you can't.
回答你的问题:你做不到。
Google Cloud Endpoints is based on the explorer api: everybody will be able to navigate into your API, and see the differents methods available.
Google Cloud Endpoints基于资源管理器api:每个人都可以导航到您的API,并查看可用的不同方法。
BUT if you add an authentication to your methods, the visitor will not be able to execute them.
但是,如果您为方法添加身份验证,则访问者将无法执行它们。
#1
#2
0
I think you need to authenticate your endpoints and authorize only some client id. OAuth 2 authentication : https://developers.google.com/appengine/docs/python/endpoints/getstarted/backend/auth Allowed client ids and audience : https://developers.google.com/appengine/docs/python/endpoints/create_api#allowed_client_ids_and_audiences
我认为您需要对端点进行身份验证并仅授权一些客户端ID。 OAuth 2身份验证:https://developers.google.com/appengine/docs/python/endpoints/getstarted/backend/auth允许的客户ID和受众:https://developers.google.com/appengine/docs/python/endpoints / create_api#allowed_client_ids_and_audiences
#3
0
To answer your question : you can't.
回答你的问题:你做不到。
Google Cloud Endpoints is based on the explorer api: everybody will be able to navigate into your API, and see the differents methods available.
Google Cloud Endpoints基于资源管理器api:每个人都可以导航到您的API,并查看可用的不同方法。
BUT if you add an authentication to your methods, the visitor will not be able to execute them.
但是,如果您为方法添加身份验证,则访问者将无法执行它们。