Open in app

Sign in

Write

Sign in

An Introduction to Cloud Endpoints

Dinesh Lalwani
12 min readDec 11, 2020
Cloud Endpoints

A distributed API management system

A] What is Cloud endpoint?

Endpoints is an API management system that helps you secure, monitor, analyze, and set quotas on your APIs using the same infrastructure Google uses for its own APIs. It provides an API console, hosting, logging, monitoring, and other features to help you create, share, maintain, and secure your APIs. For developers building applications and microservices on Google Cloud Platform (GCP), Cloud Endpoints is the best-suited modern API gateway that helps secure and monitor their APIs

Cloud Endpoints can be used to expose different Cloud Services like Cloud Function, App Engine, Kubernetes, Compute Engine (Docker), etc.

Endpoints is available for use with the distributed Extensible Service Proxy (ESP) or the Extensible Service Proxy V2 (ESPv2). Each proxy provides support to the platforms described below:

  • App Engine flexible (ESP only)
  • Google Kubernetes Engine (ESP or ESPv2)
  • Compute Engine (ESP or ESPv2)
  • Kubernetes (ESP or ESPv2)
  • App Engine standard (ESPv2 only)
  • Cloud Functions (ESPv2 only)
  • Cloud Run (ESPv2 only)
  • Cloud Run for Anthos (ESPv2 only)

B] Which companies use Endpoint?

13 companies reportedly use Google Cloud Endpoints in their tech stacks, including Chiper, services and Google Cloud Partner.

C] Endpoints API management features

It provides a number of significant API management features to enable you to develop, monitor, and control access to your APIs.

i) Logs and metrics

Endpoints uses Service Infrastructure to manage APIs and report logs and metrics. Most Google Cloud APIs use this same infrastructure.

Service Infrastructure is a foundational platform for creating, managing, securing, and consuming APIs and services across organizations. It is used by Google APIs, Cloud Endpoints and API Gateway.

Service Infrastructure provides multiple public APIs for the three planes mentioned in its architecture below. Cloud endpoints is a framework built on top of these APIs.

ii) API hosting

Endpoints is optimized for the Docker container environment. You can host your API anywhere Docker is supported so long as it has internet access to Google Cloud.

iii) Controlling API access

Endpoints lets you configure your API to require an API key for any call and validates the API key. You can also use the Google Cloud Console to share your API with other developers so they can enable your API and generate API keys to call it.

iv) Authenticating API users

For most API calls, there is a user on the other end of each call. While API keys indicate which app is making a call to your API, the authentication process determines which user is using that app.

D] Architecture of Cloud Endpoints

The components that make up Endpoints are:

i) ESP

ESP is a NGINX-based proxy that runs in front of the backend and injects Endpoints functionality such as authentication, monitoring, and logging. ESP retrieves a service configuration from Service Management and uses it to validate incoming requests.

ESP is designed for you to deploy it in a containerized environment and validate JWTs and Google ID tokens. It employs a variety of techniques, such as heavy caching and asynchronous calls to remain lightweight and highly performant.

ii) Service Control

Service Control applies API management rules at runtime, such as key authentication, monitoring, and logging. Service Control provides the following methods:

  • Check — verifies authentication and API keys, and indicates whether a call should be permitted
  • Report — notifies the systems of record for logging and monitoring

iii) Service Management

You use the OpenAPI specification to describe the surface and the behavior of your API in a text file referred to as the Endpoints configuration. You deploy the Endpoints configuration to Service Management by using the Cloud SDK, which configures the API management rules. Other configuration related tasks also happen here, such as sharing your API with other developers, enabling or disabling the API in different projects, and generating API keys.

iv) The Cloud SDK

The Cloud SDK provides the gcloud command-line tool that you can use to make calls to various Google Cloud services. You use the gcloud command-line tool to deploy your Endpoints configuration to Service Management.

v) Google Cloud Console

Cloud Console is the graphical user interface for Google Cloud. Endpoints uses the Cloud Console to expose monitoring and logging data that are sent from ESP or ESPv2 and recorded by Service Control and share APIs with other developers, and for them to generate API keys to call the API.

E] Pricing

The price for Cloud Endpoints depends on the number of calls to your API, as described in the following table:

Endpoints charges by its calls to Service Control. Each API call processed by the Extensible Service Proxy (ESP) or the Cloud Endpoints Frameworks are reported as a tracked operation by the Service Control API and is listed as line item for Service Control on your bill.

Getting started with Cloud Endpoints for the App Engine flexible environment with ESP

This tutorial shows you how to configure and deploy a sample API and the Extensible Service Proxy (ESP) running on an instance in the App Engine flexible environment. The sample code’s REST API is described using the OpenAPI specification.

Objectives:

Use the following high-level task list as you work through the tutorial. All tasks are required to successfully send requests to the API.

  1. Set up a Google Cloud project, install the required software, and create an App Engine app. See Before you begin.
  2. Download the sample code. See Getting the sample code.
  3. Configure the openapi-appengine.yaml file, which is used to configure Endpoints. See Configuring Endpoints.
  4. Deploy the Endpoints configuration to create an Endpoints service. Deploy the API and ESP to App Engine.
  5. Send a request to the API.
  6. Track API activity.
  7. Avoid incurring charges to your Google Cloud account.

Costs

This tutorial uses the following billable components of Google Cloud:

To generate a cost estimate based on your projected usage, use the pricing calculator. New Google Cloud users might be eligible for a free trial.

When you finish this tutorial, you can avoid continued billing by deleting the resources you created. For more information, see Cleaning up.

Before you begin

  1. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.
    Note: If you don’t plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.
    Go to the project selector page
  2. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.
  3. Make a note of the project ID because it’s needed later.
  4. You need an application to send requests to the sample API.
  • Linux and macOS users: This tutorial provides an example of using curl, which typically comes pre-installed on your operating system. If you don’t have curl, you can download it from the curl Releases and downloads page.
  • Windows users: This tutorial provides an example using Invoke-WebRequest, which is supported in PowerShell 3.0 and later.
  1. Download the Cloud SDK.
  2. Update the Cloud SDK and install the Endpoints components.
  3. gcloud components update
  4. Make sure that the Cloud SDK (gcloud) is authorized to access your data and services on Google Cloud:
  5. gcloud auth login
  6. In the new browser tab that opens, select an account.
  7. Set the default project to your project ID
  8. gcloud config set project YOUR_PROJECT_ID
  9. Replace YOUR_PROJECT_ID with your project ID. If you have other Google Cloud projects, and you want to use gcloud to manage them, see Managing Cloud SDK configurations.
  10. Select the region where you want to create your App Engine application. Run the following command to get a list of regions:
  11. gcloud app regions list
  12. Create an App Engine application. Replace YOUR_PROJECT_ID with your Google Cloud project ID and YOUR_REGION with the region that you want the App Engine application created in.

gcloud app create \

— project=YOUR_PROJECT_ID \

— region=YOUR_REGION

  1. ts/getting-started

Configuring Endpoints

The sample code includes the OpenAPI configuration file, openapi-appengine.yaml, which is based on OpenAPI Specification v2.0

  1. Note the following:
  • The configuration sample displays the lines near the host field, which you need to modify. To deploy openapi-appengine.yaml to Endpoints, the complete OpenAPI document is required.
  • The example openapi-appengine.yaml contains a section for configuring authentication that isn’t needed for this tutorial. You don’t need to configure the lines with YOUR-SERVICE-ACCOUNT-EMAIL and YOUR-CLIENT-ID.

OpenAPI is a language-agnostic specification. The same openapi-appengine.yaml file is in the getting-started sample in each language GitHub repository for convenience.

  1. On the line with the host field, replace YOUR-PROJECT-ID with your Google Cloud project ID. For example:
  2. host: “example-project-12345.appspot.com”

Endpoints uses the text configured in the host field as the service name. When you deploy the API to the App Engine backend, a DNS entry with a name in the format YOUR-PROJECT-ID.appspot.com is created automatically.

For information about the fields in the OpenAPI document that Endpoints requires, see Configuring Endpoints.

Deploying the Endpoints configuration

To deploy the Endpoints configuration, you use the cloud endpoints services deploy command. This command uses Service Management to create a managed service.

To deploy the Endpoints configuration:

  1. Make sure you are in the endpoints/getting-started directory.
  2. Upload the configuration and create a managed service:

gcloud endpoints services deploy openapi-appengine.yaml

The gcloud command then calls the Service Management API to create a managed service with the name that you specified in the host field of the openapi-appengine.yaml file. Service Management configures the service according to the settings in the openapi-appengine.yaml file. When you make changes to openapi-appengine.yaml, you must redeploy the file to update the Endpoints service.

As it is creating and configuring the service, Service Management outputs information to the terminal. You can safely ignore the warnings about the paths in the openapi-appengine.yaml file not requiring an API key. When it finishes configuring the service, Service Management displays a message with the service configuration ID and the service name, similar to the following:

Service Configuration [2017–02–13r0] uploaded for service [example-project-12345.appspot.com]

In the preceding example, 2017–02–13r0 is the service configuration ID, and example-project-12345.appspot.com is the Endpoints service. The service configuration ID consists of a date stamp followed by a revision number. If you deploy the openapi-appengine.yaml file again on the same day, the revision number is incremented in the service configuration ID. You can view the Endpoints service configuration on the Endpoints > Services page in the Cloud Console.

If you get an error message, see Troubleshooting Endpoints configuration deployment.

Checking required services

At a minimum, Endpoints and ESP require the following Google services to be enabled:

In most cases, the gcloud endpoints services deploy command enables these required services. However, the gcloud command completes successfully but doesn’t enable the required services in the following circumstances:

  • If you used a third-party application such as Terraform, and you don’t include these services.
  • You deployed the Endpoints configuration to an existing Google Cloud project in which these services were explicitly disabled.

Use the following command to confirm that the required services are enabled:

gcloud services list

If you do not see the required services listed, enable them:

gcloud services enable servicemanagement.googleapis.com

gcloud services enable servicecontrol.googleapis.com

gcloud services enable endpoints.googleapis.com

Also enable your Endpoints service:

gcloud services enable ENDPOINTS_SERVICE_NAME

To determine the ENDPOINTS_SERVICE_NAME you can either:

  • After deploying the Endpoints configuration, go to the Endpoints page in the Cloud Console. The list of possible ENDPOINTS_SERVICE_NAME are shown under the Service name column.
  • For OpenAPI, the ENDPOINTS_SERVICE_NAME is what you specified in the host field of your OpenAPI spec. For gRPC, the ENDPOINTS_SERVICE_NAME is what you specified in the name field of your gRPC Endpoints configuration.

For more information about the gcloud commands, see gcloud services.

Deploying the API backend

So far you have deployed the OpenAPI document to Service Management, but you haven’t yet deployed the code that serves the API backend. This section walks you through deploying the sample API and ESP to App Engine.

  1. # The following values are to be replaced by information from the output of
  2. # ‘gcloud endpoints services deploy openapi-appengine.yaml’ command.
  3. name: ENDPOINTS-SERVICE-NAME
  4. rollout_strategy: managed
  5. Replace ENDPOINTS-SERVICE-NAME with the name of your Endpoints service. This is the same name that you configured in the host field of your OpenAPI document. For example:
  6. endpoints_api_service:
  7. name: example-project-12345.appspot.com
  8. rollout_strategy: managed
  9. The rollout_strategy: managed option configures ESP to use the latest deployed service configuration. When you specify this option, up to 5 minutes after you deploy a new service configuration, ESP detects the change and automatically begins using it. We recommend that you specify this option instead of a specific configuration ID for ESP to use.
  10. Save the app.yaml file.
  11. Because the endpoints_api_service section is included in the app.yaml file, the gcloud app deploy command deploys and configures ESP in a separate container to your App Engine flexible environment. All request traffic is routed through ESP, and it proxies requests and responses to and from the container running your backend server code.
  12. Make sure you are in the endpoints/getting-started directory. This is where your openapi-appengine.yaml configuration file is located.
  13. Run the following command to deploy the sample API and ESP to App Engine:

mvn appengine:stage

gcloud app deploy target/appengine-staging

  1. The gcloud app deploy command creates a DNS record in the format YOUR_PROJECT_ID.appspot.com, which you use when you send requests to the API. We recommend that you wait a few minutes before sending requests to your API while App Engine completely initializes.

If you get an error message, see Troubleshooting App Engine flexible deployment.

For more information, see Deploying the API backend.

Sending requests to the API

Now that the service is running on App Engine you can send requests to it.

Create an API key and set an environment variable

The sample code requires an API key. To simplify the request, you set an environment variable for the API key.

  1. In the same Google Cloud project that you used for your API, create an API key on the API credentials page. If you want to create an API key in a different Google Cloud project, see Enabling an API in your Google Cloud project.
    Go to the Credentials page
  2. Click Create credentials, and then select API key.
  3. Copy the key to the clipboard.
  4. Click Close.
  5. On your local computer, paste the API key to assign it to an environment variable:
  • In Linux or macOS: export ENDPOINTS_KEY=AIza…
  • In Windows PowerShell: $Env:ENDPOINTS_KEY=”AIza…”
  1. Create an environment variable for your App Engine project URL. Replace YOUR_PROJECT_ID with your Google Cloud project ID:
    export ENDPOINTS_HOST=https://YOUR_PROJECT_ID.appspot.com
  2. Send an HTTP request using the ENDPOINTS_HOST and ENDPOINTS_KEY environment variables you set previously:

curl — request POST \

— header “content-type:application/json” \

— data ‘{“message”:”hello world”}’ \

  1. “${ENDPOINTS_HOST}/echo?key=${ENDPOINTS_KEY}”

In the preceding curl:

  • The — data option specifies the data to post to the API.
  • The — header option specifies that the data is in JSON format.

The API echoes back the message that you send it, and responds with the following:

{

“message”: “hello world”

}

If you didn’t get a successful response, see Troubleshooting response errors.

You just deployed and tested an API in Endpoints!

Note: If you want to let us know what you liked about this tutorial, feel free to provide feedback at the bottom of this page. Your feedback helps us improve these tutorials.

If you got an error, join the google-cloud-endpoints Google group and let us know what went wrong. This group receives responses from other Endpoints users and from Google engineers, who monitor the group.

Tracking API activity

  1. View the activity graphs for your API in the Endpoints page.
  2. Look at the request logs for your API in the Logs Viewer page.

References: 1)cloud.google.com/endpoints/docs

Blog Authors:

Siddharth Juikar:BTech-A-84

Pratik Kedar:BTech-A-94

Hrushikesh Kulkarni:BTech-A-105

Dinesh Lalwani:BTech-A-112

Prajwal Kotalwar:BTech-A-102

Rushikesh Bansode: BTech-A-20

Cloud Computing
Cloud Endpoints
Google Cloud Platform

--

--

Dinesh Lalwani

Written by Dinesh Lalwani

1 Follower

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams