如何让谷歌端点从网站无法访问？ [英] how to make google endpoints inaccessible from the web?

问题描述

我有一个Android应用程序可以访问通过谷歌端点一组API。问题是，在相同的API是从web访问通过的https：//你的 - app-id.appspot.com/_ah/api/explorer ，我不希望这种事情发生。也就是说，我希望数据存储可访问（和修改）只从移动设备。有一个简单的方法来做到这一点？我一看enpoint鉴别，并没有完全理解，（我还是新来这一切......），所以我想知道是否有一个更简单的回答这个（显然）简单的问题。

I have an Android app that has access to a set of APIs through Google Endpoints. The problem is that the same APIs are accessible from the web through https://your-app-id.appspot.com/_ah/api/explorer, and I don't want this to happen. That is, I want the datastore to be accessible (and modifiable) only from mobile devices. Is there a simple way to do this? I had a look at enpoint authentification and did not completely understand that (I'm still new to all of this...), so I wondered if there was a simpler answer to this (apparently) simple problem.

推荐答案

目前还没有办法改变的事实，你的端点是从网上公开可见的（等）。

There is currently no way to change the fact that your endpoints are publicly visible from the web (etc.).

但是，您可以实现身份验证，以确保它们只能由您的客户端（无论是手机还是网络）。您可以对谷歌帐户进行身份验证的客户端设备上，或者你可以验证您的应用程序。

You can however, implement authentication to ensure that they are only used by your clients (whether mobile or web). You can authenticate against the Google account on the client device, or you can just authenticate your app.

这个文档是在这里：
https://developers.google.com/appengine/docs/java/endpoints/consume_android

也有一些在这里：结果
https://developers.google.com/eclipse/docs/endpoints-addauth

There is also some here:
https://developers.google.com/eclipse/docs/endpoints-addauth

不幸的是，都非常好，而且他们更注重用户（相对于应用程序）的认证。所以，如果你有问题，我也建议你所以用[谷歌应用程序的端点]认证搜索。

Unfortunately, neither are very good, and they focus more on user (vs. app) authentication. So if you have problems I would also suggest you search SO with "[google-app-endpoints]authentication".

这篇关于如何让谷歌端点从网站无法访问？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！