Cloud Endpoints: Control who can execute API through API Explorer


Question

Everyone who successfully authenticates through a Google account would be able to execute the API through the API Explorer.

I would like to limit the ability to execute the API through API Explorer only to some users. But at the same time have the API accessible for all users of my Android and iOS apps.

Security in the case of at least the Android App is facilitated through the Android Client Id and SHA fingerprint. So, the scope here is to NOT include the App access security.

Recommended answer

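  1. Identify that the request was made through the API Explorer. One way is through the origin/referer in the headers. To get the header information, see the following question.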

Then

  1. If the list of users is known, in the endpoints method raise endpoints.UnauthorizedException if the user (endpoints.get_current_user()) is not in the list.

Python sample code:

if self.request_state.headers.get('x-referer') == "https://apis-explorer.appspot.com" and endpoints.get_current_user() not in MY_LIST:
  raise endpoints.UnauthorizedException('Not Authorized')
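
The same check as a standalone function that runs without the endpoints library (an added example, not part of the original answer). The Unauthorized class, the function names and the allow-list entry are assumptions; user_email stands for endpoints.get_current_user().email(), or None when nobody is signed in.

```python
from urllib.parse import urlsplit

EXPLORER_ORIGIN = ("https", "apis-explorer.appspot.com")  # origin quoted in the answer
EXPLORER_ALLOWED = {"alice@example.com"}  # constructed allow-list (the answer's MY_LIST)


class Unauthorized(Exception):
    """Stand-in for endpoints.UnauthorizedException so the example runs offline."""


def is_explorer_request(headers):
    """True when a referer-style header names the API Explorer origin.

    These headers are set by the client, so this identifies Explorer UI
    traffic; it is not proof of where a request came from.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-referer", "referer", "origin"):
        value = lowered.get(name)
        if not value:
            continue
        try:
            parts = urlsplit(value.strip())
            host = (parts.hostname or "").lower()
        except ValueError:  # malformed URL in the header
            continue
        # Compare scheme and host exactly; a prefix or substring match would
        # also accept hosts such as apis-explorer.appspot.com.example.net.
        if (parts.scheme.lower(), host) == EXPLORER_ORIGIN:
            return True
    return False


def check_explorer_access(headers, user_email):
    """Raise Unauthorized for Explorer requests from users outside the allow-list.

    Requests that do not come from the Explorer pass through untouched; they
    remain subject to the API's own client-ID checks.
    """
    if not is_explorer_request(headers):
        return
    # Compare e-mail strings, not User objects, and treat "no user" as denied.
    if user_email is None or user_email.strip().lower() not in EXPLORER_ALLOWED:
        raise Unauthorized("Not Authorized")
```
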
