- JSON representation
- Target
- AuthenticationRequirement
- JwtAuthentication
- RemoteJwks
- TargetServer
- ApiOperationParameter
- JwtClaim
- StringTransformation
- AuthenticationRequirements
- ConsumerAuthorization
- ApiOperation
- HttpMatch
- CorsPolicy
A Configurable API Proxy configuration.
JSON representation | |
---|---|
{ "basepath": string, "target": { object ( |
Fields | |
---|---|
basepath |
Base path of this Proxy. |
target |
The default Target. |
authentication |
Optional. The default authentication requirements. |
consumerAuthorization |
Optional. The default consumer authorization requirement. |
operations[] |
Optional. List of API operations. The API Operation with the most specific matching rule wins independent of the order of Operations. If none are specified, a default API Operation matching all requests will be generated. |
cors |
Optional. The default CORS policy. |
Target
Settings for routing to a Target.
JSON representation | |
---|---|
{ // Union field |
Fields | ||
---|---|---|
Union field endpoint . The target endpoint, sometimes referred to as a "backend" or "cluster." endpoint can be only one of the following: |
||
targetServerId |
The resource ID of a Target Server. |
|
uri |
URI of the resource where requests should be routed. May contain Deployment Parameter variables. Supported URI schemes: * |
AuthenticationRequirement
An authentication requirement.
JSON representation | |
---|---|
{ "disabled": boolean, // Union field |
Fields | ||
---|---|---|
disabled |
If true, this AuthenticationRequirement is ignored. |
|
Union field requires . The requirement. requires can be only one of the following: |
||
jwt |
A JWT based authentication requirement. |
|
any |
Any of these authentication requirements must be met. Up to two levels of recursion may be specified, for example [Any (All (JWT-A, JWT-B), Any (JWT-C, JWT-D)]. |
|
all |
All of these authentication requirements must be met. Up to two levels of recursion may be specified, for example [All (All (JWT-A, JWT-B), Any (JWT-C, JWT-D)]. |
JwtAuthentication
A JWT authentication requirement.
JSON representation | |
---|---|
{ "id": string, "audiences": [ string ], "forwardPayloadHeader": string, "issuer": string, "in": [ { object ( |
Fields | |
---|---|
id |
Identifier of this JWT requirement, unique within the Proxy. |
audiences[] |
Optional. A list of JWT audiences ("aud" claim) allowed to access. A JWT containing any of these audiences will be accepted. If not specified, the audiences in JWT will not be checked. |
forwardPayloadHeader |
Optional. Header name that will contain decoded JWT payload in requests forwarded to target. May contain Deployment Parameter variables. |
issuer |
JWT issuer ("iss" claim). May contain Deployment Parameter variables. |
locations[] |
Optional. Locations where JWT may be found. First match wins. If not specified, the standard OAuth 2.0 Authorization Bearer Token will be used. |
remoteJwks |
Remote JWKS. |
RemoteJwks
A remote JWKS source.
JSON representation | |
---|---|
{ "cacheDuration": string, // Union field |
Fields | ||
---|---|---|
cacheDuration |
Optional. Duration to cache the JWKS for before attempting to refresh. Default value if not specified is one hour. A duration in seconds with up to nine fractional digits, terminated by ' |
|
Union field endpoint . The JWKS endpoint. endpoint can be only one of the following: |
||
uri |
The full URI of the remote endpoint, including path component of the HTTP request URL. |
|
targetServer |
A Target Server and optional request URL path component. |
TargetServer
Reference to a Target Server and request URL path component.
JSON representation | |
---|---|
{ "id": string, "path": string } |
Fields | |
---|---|
id |
ID of the Target Server. |
path |
Optional. Path component of the URL used for HTTP requests to this Target Server. |
ApiOperationParameter
An API Operation parameter.
JSON representation | |
---|---|
{ "transformation": { object ( |
Fields | ||
---|---|---|
transformation |
Optional. Transformation of the parameter value. |
|
Union field match . How to match the parameter. match can be only one of the following: |
||
query |
Exact name of an HTTP query string parameter. |
|
header |
Exact name of an HTTP header. |
|
jwtClaim |
A JWT claim. |
JwtClaim
Reference to a JWT claim.
JSON representation | |
---|---|
{ "requirement": string, "name": string } |
Fields | |
---|---|
requirement |
ID of the JWT requirement. |
name |
The name of the claim. |
StringTransformation
Generic string transformation using simple template syntax. Example: Given template = "Bearer {token}"
and substitution = "{token}"
with input value "Bearer ABCD"
, the output will be "ABCD"
.
JSON representation | |
---|---|
{ "template": string, "substitution": string } |
Fields | |
---|---|
template |
String template. Up to three variables may be specified. Example: "Bearer {token}" |
substitution |
Substitution string, using variables declared in the template. Up to three variable references may be specified. Example: "{token}" |
AuthenticationRequirements
A list of authentication requirements.
JSON representation | |
---|---|
{
"requirements": [
{
object ( |
Fields | |
---|---|
requirements[] |
Authentication requirements. |
ConsumerAuthorization
Configuration of API consumer authorization.
JSON representation | |
---|---|
{ "in": [ { object ( |
Fields | |
---|---|
in[] |
Optional. Location of API consumer credential (API Key). First match wins. |
locations[] |
Location of API consumer credential (API Key). First match wins. |
failOpen |
Allow requests to be forwarded even if the consumer credential cannot be verified by the API credential provider due to service unavailability. |
quotaIdentifier |
The quota identifier for matched requests. If not specified, APP will be used. |
disabled |
If true, this ConsumerAuthorization is ignored. |
ApiOperation
An API Operation associates a set of rules with a set of request matching settings.
JSON representation | |
---|---|
{ "id": string, "httpMatch": [ { object ( |
Fields | |
---|---|
id |
Identifier of this operation, unique within the API Proxy. |
httpMatch[] |
Optional. HTTP matching rules for this API operation. If omitted, this Operation matches all requests. |
target |
Optional. The Target for this Operation. If specified, this overrides the default. |
authentication |
Optional. The authentication requirements for this Operation. If specified, this overrides the default. |
consumerAuthorization |
Optional. Consumer authorization requirement for this Operation. If specified, this overrides the default. |
HttpMatch
An HTTP request matching rule.
JSON representation | |
---|---|
{
"pathTemplate": string,
"method": enum ( |
Fields | |
---|---|
pathTemplate |
URL path template using to match incoming requests. |
method |
Optional. The HTTP method to match. Omit to match all methods. |
CorsPolicy
Settings for handling CORS preflight requests.
JSON representation | |
---|---|
{ "allowOrigins": [ string ], "allowOriginRegexes": [ string ], "allowMethods": [ string ], "allowHeaders": [ string ], "exposeHeaders": [ string ], "maxAge": string, "allowCredentials": boolean } |
Fields | |
---|---|
allowOrigins[] |
Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it exactly matches any value in the list. |
allowOriginRegexes[] |
Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see github.com/google/re2/wiki/Syntax. An origin is allowed if it matches any pattern in the list. |
allowMethods[] |
Specifies the content for the |
allowHeaders[] |
Specifies the content for the |
exposeHeaders[] |
Specifies the content for the |
maxAge |
Specifies how long results of a preflight request can be cached in seconds. This translates to the |
allowCredentials |
In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the |