If an API requires an API key or any sort of authentication, then users of your API must enable it in their own Cloud projects before they can call it. This page shows you how to control who can enable your API. If you have been granted the right to enable an API, this page shows you how to enable it.
By default, a Google Cloud Endpoints service is private to the project that it was created in. Only the Cloud project members can see it in the APIs list on the Endpoints dashboard. Additionally, only keys from that same project can be used for those API methods that require a key. When you grant someone who is not a project member access to your API, they can enable your service in their own project and generate an API key, if one is needed.
Cloud Endpoints uses the Google Cloud Identity and Access Management (IAM) Service Consumer role to allow someone who is not a member of your Cloud project to enable your API in their own Cloud project. (In previous versions of Cloud Endpoints, the "Share an API" feature did not use IAM.) You can grant access using the Cloud Platform Console or the command line.
You revoke access to your API by removing the IAM Service Consumer role from a user or group that previously had the role. After you revoke someone's access, they will no longer be able to find and enable your API.
Important: If someone has already activated your API, revoking access will not prevent them from calling your API. Although there is no easy way to to prevent these calls post-activation, you could restrict access by API key and then add logic that disallows calls from that consumer's API key.
You can revoke access using the console or the command line.
Enable an API in Your Cloud Project
To use an API that you have been granted access to:
- In the Cloud Platform Console, go to APIs & services for your project.
- On the Library page, click Private APIs.
- Click the API you want to enable. If you need help finding the API, use the search field. A page displays with information about the API.
- Click Enable.
If the API has methods that require an API key, you'll be prompted to generate credentials (an API key); follow the prompts to create the API key. You are now ready to call the API, supplying the API key to those methods that require a key.