A REST interface that makes it easy for one application to consume capabilities or data from another application. By defining stable, simple, and well-documented entry points, APIs enable developers to easily access and reuse application logic built by other developers.
Created when you upload an API definition to API Gateway. Each time you upload an API definition, API Gateway creates a new API config. That is, you can create an API config but you cannot later modify it. If you later edit the API definition, and then upload the edited API definition, you create a new API config.
An Open API 2.0 spec
or gRPC configuration used to create an API config. An API definition specifies: the URL of the backend service, the data format of data passed on a request, the data format of any data returned by the service, the authentication mechanism used to control access to the service, and many more options.
A code passed in by a client application when it calls an API. API
keys identify the application or the Google Cloud project making
the call to the API. See
Why and when to use API keys
for more information on using an API key with your API Gateway API.
Cross-Origin Resource Sharing (CORS) is a specification that provides a way
for web applications to access resources on a server in another domain
(technically, in another origin). To learn more about CORS, see the
Mozilla Developer Network (MDN) web docs
and the Fetch Living Standard.
Google's authentication service that supports end user sign-in for client
applications by using credentials from popular federated identity providers
such as Google, Facebook, or Twitter. See
Firebase authentication
for more information.
An Envoy-based, high-performance, scalable proxy that hosts the deployed API config. Creating a gateway creates the external facing URL that your API clients use to access the API. A gateway only host a single API config. You cannot deploy multiple API configs to the same gateway.
A JSON Web Token (JWT) that contains the
OpenID Connect
fields needed to identify a Google user account or service account, and that
is signed by Google's authentication service, https://accounts.google.com.
A high performance, open source universal RPC framework developed by Google.
In gRPC, a client application can directly call methods on a server application
on a different machine as if it was a local object. See
gRPC Overview
for information on using gRPC with API Gateway and the
gRPC
website for general information.
JSON Web Token is an open standard access token format for use in HTTP
Authorization headers and URI query parameters.
See Introduction to JSON Web Tokens
for general information.
The Open API Initiative is an industry-wide effort to
standardize the description of REST APIs. APIs that are described with the
OpenAPI Specification (formerly
the Swagger Specification) can be supported with common
tools that create documentation, automate testing, and generate code for clients
and servers. See OpenAPI overview
for more information.
A file in either YAML or JSON format that you use to describe your API.
This file is also referred to as an API definition.
When uploaded to API Gateway, the OpenAPI document is converted to an API config.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis page provides definitions and links to further information for terms used within the API Gateway documentation.\u003c/p\u003e\n"],["\u003cp\u003eAPI definitions, created using OpenAPI or gRPC configurations, specify backend service URLs, data formats, and authentication mechanisms, among other options.\u003c/p\u003e\n"],["\u003cp\u003eAn API config is created each time an API definition is uploaded to API Gateway and is not modifiable, requiring a new upload for any edits.\u003c/p\u003e\n"],["\u003cp\u003eGateways, which are Envoy-based proxies, host a deployed API config and provide the external URL that clients use to access the API, with each gateway supporting only one API config.\u003c/p\u003e\n"],["\u003cp\u003eAPI keys are codes used by client applications to identify themselves or their Google Cloud project when calling an API.\u003c/p\u003e\n"]]],[],null,["# Glossary\n========\n\nThis page provides brief definitions and links to more information of terms\nthat are used in the API Gateway documentation.\n\nAPI\n: A REST interface that makes it easy for one application to consume capabilities or data from another application. By defining stable, simple, and well-documented entry points, APIs enable developers to easily access and reuse application logic built by other developers.\n\nAPI config\n: Created when you upload an [API definition](#api_definition) to API Gateway. Each time you upload an API definition, API Gateway creates a new API config. That is, you can create an API config but you cannot later modify it. If you later edit the API definition, and then upload the edited API definition, you create a new API config.\n\nAPI definition\n: An [Open API 2.0](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md) spec\n or [gRPC](http://www.grpc.io) configuration used to create an [API config](#api_config). An API definition specifies: the URL of the backend service, the data format of data passed on a request, the data format of any data returned by the service, the authentication mechanism used to control access to the service, and many more options.\n\nAPI key\n: A code passed in by a client application when it calls an API. API\n keys identify the application or the Google Cloud project making\n the call to the API. See\n [Why and when to use API keys](/endpoints/docs/openapi/when-why-api-key)\n for more information on using an API key with your API Gateway API.\n\nAuth0\n: A service that lets you define how users authenticate to applications. See\n [Auth0](https://auth0.com) for more information.\n\nCORS\n: Cross-Origin Resource Sharing (CORS) is a specification that provides a way\n for web applications to access resources on a server in another domain\n (technically, in another origin). To learn more about CORS, see the\n [Mozilla Developer Network (MDN) web docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)\n and the [Fetch Living Standard](https://fetch.spec.whatwg.org/).\n\nFirebase authentication\n: Google's authentication service that supports end user sign-in for client\n applications by using credentials from popular federated identity providers\n such as Google, Facebook, or Twitter. See\n [Firebase authentication](https://firebase.google.com/docs/auth/)\n for more information.\n\nGateway\n: An [Envoy](https://www.envoyproxy.io/docs/envoy/latest/)-based, high-performance, scalable proxy that hosts the deployed [API config](#api_config). Creating a gateway creates the external facing URL that your API clients use to access the API. A gateway only host a single API config. You cannot deploy multiple API configs to the same gateway.\n\nGoogle ID token\n: A JSON Web Token (JWT) that contains the\n [OpenID Connect](https://developers.google.com/identity/protocols/OpenIDConnect)\n fields needed to identify a Google user account or service account, and that\n is signed by Google's authentication service, `https://accounts.google.com`.\n\ngRPC\n: A high performance, open source universal RPC framework developed by Google.\n In gRPC, a client application can directly call methods on a server application\n on a different machine as if it was a local object. See\n [gRPC Overview](/api-gateway/docs/grpc-overview)\n for information on using gRPC with API Gateway and the\n [gRPC](http://www.grpc.io)\n website for general information.\n\nJWT\n: JSON Web Token is an open standard access token format for use in HTTP\n Authorization headers and URI query parameters.\n See [Introduction to JSON Web Tokens](https://jwt.io/introduction/)\n for general information.\n\nOpenAPI\n: The [Open API Initiative](http://openapis.org) is an industry-wide effort to\n standardize the description of REST APIs. APIs that are described with the\n [OpenAPI Specification](https://github.com/OAI/OpenAPI-Specification) (formerly\n the [Swagger Specification](http://swagger.io)) can be supported with common\n tools that create documentation, automate testing, and generate code for clients\n and servers. See [OpenAPI overview](/api-gateway/docs/openapi-overview)\n for more information.\n\nOpenAPI document\n: A file in either YAML or JSON format that you use to describe your API.\n This file is also referred to as an [API definition](#api_definition).\n When uploaded to API Gateway, the OpenAPI document is converted to an [API config](#api_config).\n\nSurface\n: The public interface of an [API](#api_def). An API's surface consists of the methods\n as well as the parameters and return types used in the methods."]]