Authenticating with a service account


This page assumes that you have already:

Configuring authentication

To authenticate with a service account:

  1. Import the App Engine Endpoints API in your API class:

    import endpoints
  2. Add an issuer object for the service account to the API decorator. For example:

        issuers={'serviceAccount': endpoints.Issuer(
        audiences={'serviceAccount': ['YOUR_AUDIENCE']})
    • Replace echo with the name of your API.
    • Replace v1 with your API version.
    • Replace YOUR_SERVICE_ACCOUNT_EMAIL with your service account email.
    • Replace YOUR_AUDIENCE with the value in the aud field sent by the calling service.
  3. In each API method where you want to check for proper authentication, check for a valid User and raise error 401if there isn't one, as shown in this sample method definition:

    user = endpoints.get_current_user()
    # If there's no user defined, the request was unauthenticated, so we
    # raise 401 Unauthorized.
  4. Deploy the API. You need to redeploy the API whenever you add new clients.