Prerequisites
This page assumes that you have already:
Configuring authentication
To authenticate with a service account:
Import the App Engine Endpoints API in your API class:
import endpoints
Add an issuer object for the service account to the API decorator. For example:
@endpoints.api( name='echo', version='v1', issuers={'serviceAccount': endpoints.Issuer( 'YOUR_SERVICE_ACCOUNT_EMAIL', 'https://www.googleapis.com/robot/v1/metadata/x509/YOUR_SERVICE_ACCOUNT_EMAIL')}, audiences={'serviceAccount': ['YOUR_AUDIENCE']})
- Replace
echo
with the name of your API. - Replace
v1
with your API version. - Replace
YOUR_SERVICE_ACCOUNT_EMAIL
with your service account email. - Replace
YOUR_AUDIENCE
with the value in theaud
field sent by the calling service.
- Replace
In each API method where you want to check for proper authentication, check for a valid
User
and raise error401
if there isn't one, as shown in this sample method definition:user = endpoints.get_current_user() # If there's no user defined, the request was unauthenticated, so we # raise 401 Unauthorized.
Deploy the API. You need to redeploy the API whenever you add new clients.