This page describes how to utilize API keys in API Gateway.
An API key is a simple string that identifies aGoogle Cloud project for quota, billing, and monitoring purposes. Adeveloper generates an API key in a project in the Google Cloud console andembeds that key in every call to your API as a query parameter or in a request header.
If you specify an API key requirement in your API config,API Gateway uses the API key to look up the associated Google Cloud project. API Gateway rejects requests unlessthe API key was generated in your Google Cloud project or within otherGoogle Cloud projects in which your API has been enabled.
To create an API key, or view API keys already available within your Google Cloud project, go to the APIs & Services > Credentials page.
Use case
To use API Gateway features such asquotas, you can pass in an APIkey so that API Gateway can identify the Google Cloud projectthat the client application is associated with.
About API key authentication for API Gateway
If you are using an API key for authentication, you must first enable API key supportfor your service.
Enter the following command:
gcloud services enable MANAGED_SERVICE_NAME
The MANAGED_SERVICE_NAME specifies the name of the managed service created when you deployed the API. You can find this name in the Managed Service column for your API on the APIs landing page in the console. Alternatively, you can find this name in the Managed service property when using the gcloud api-gateway apis describe command.
For example:
gcloud services enable my-api-a12bcd345e67f89g0h.apigateway.my-project.cloud.goog
Restricting API keys
API keys are unrestricted by default. Unrestricted keys are insecure becausethey can be used by anyone from anywhere. We recommend that you add API restrictions where possible.API restrictions specify which APIs can be called using the API key. All API keys used by production applications should have API restrictions.
To add API restrictions:
Find the title of the API as noted in your API Config. In the following example, the API title is
My Example Config:# openapi.yamlswagger: '2.0'info: title: My Example Config description: Sample API on API Gateway version: 1.0.0...
In the Google Cloud console, go to the APIs & Services > Credentials page.
Select the name of the API key you wish to use for your API.
In the API restrictions section of the API key detail page, click Restrict key.
Select the API that your API key will be used to access from the dropdown list of available APIs. For example, ifusing the example config above, select
My Example Config.Click Save.
Your restriction should take effect momentarily.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-10 UTC.
[{ "type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }]
