Manage API Keys [206669729]

Assigned

Feature Request

Status Update

No update yet.

Description

in...@gmail.com

created issue #1

Nov 17, 2021 12:21AM

Build APIs and a UI that makes it easier to create, issue and distribute API keys attached to the gateway/service.

It feels like API Gateway is leaning towards developers who want to create public accessible APIs for hundreds, if not thousands of customers. Having an easy API/UI that can create and issue them to clients is needed.

The current mechanism is to:
1. Go to a separate tool in GCP (credentials in services&library) and make them by hand. Or use a gcloud command that is in alpha.
2. Manually distribute that key to a client/customer
3. Handle manually rotating API keys upon being compromised

This is far from a self service portal, even for developers. Also there is a hard limit of 300 API keys per project. This should be increased significantly.

API Gateway works great as an internal gateway for service to service calls. Or scenarios where you have a few clients/users.

This is a great service for small companies to distribute highly desired APIs. I’m sure Apigee has all these features but is an enterprise grade tool not suitable for small to mid size businesses.

Creating easier mechanisms to manage API keys for customers would be a huge benefit. Even just APIs that make it easier for the developer to manage them would go a long way.

Comments

ll...@google.com <ll...@google.com> #2Dec 7, 2021 09:47AM

Hello,

Thank you for reaching out to us!

I tried to reproduce this issue at my end. However, I am getting the intended behavior. Please check the official documentation referring configuration for the Oauth ClientID for Web applications.Also I would suggest you have a look at the validation rules for Authorized JavaScript origin mentioned.

Please let me know if that helped you with your use case and if there is anything else you would need assistance with.

Thank you

in...@gmail.com <in...@gmail.com> #3Dec 7, 2021 12:11PM

Hi, please read the documentation you linked:

> Scheme
> JavaScript origins must use the HTTPS scheme, not plain HTTP. Localhost URIs (including localhost IP address URIs) are exempt from this rule.

Subdomains of localhost (ie. foo.localhost) *are* "Localhost URIs" but are not currently exempt from the rule, contrary to the documentation.

ll...@google.com <ll...@google.com> #4Dec 7, 2021 03:53PM

Assigned to gc...@google.com.

Hello,

Thank you for reaching out to us with your request.

We have duly noted your feedback and will thoroughly validate it. While we cannot provide an estimated time of implementation or guarantee the fulfillment of the issue, please be assured that your input is highly valued. Your feedback enables us to enhance our products and services.

We appreciate your continued trust and support in improving our Google Cloud Platform products. In case you want to report a new issue, Please do not hesitate to create a new issue on the Issue Tracker providing a detailed description of your issue.

Once again, we sincerely appreciate your valuable feedback; Thank you for your understanding and collaboration.

in...@gmail.com <in...@gmail.com> #5Dec 7, 2021 04:21PM

Thanks!

On Tue, Dec 7, 2021 at 10:53 AM <buganizer-system@google.com> wrote:

- Show quoted text -

Issue 206669729

Description

Issue summary

Comments

ll...@google.com <ll...@google.com> #2Dec 7, 2021 09:47AM

in...@gmail.com <in...@gmail.com> #3Dec 7, 2021 12:11PM

ll...@google.com <ll...@google.com> #4Dec 7, 2021 03:53PM

in...@gmail.com <in...@gmail.com> #5Dec 7, 2021 04:21PM

Add comment

Issue metadata