All geek questions in one place

GAE: Cannot use Google server side API (access issue)

To use the Google API, after activating them from the Google Developers Console, you need to create credentials. In my case, I have a backend that should use the server API server. For this purpose, it is possible to generate what the Google page calls “Server Application Key”. So far, so good.

The problem is that to generate the key, you need to specify the IP addresses of the servers, which will be white. But GAE does not have a static IP address that I could use there.

It is possible to manually obtain an IP by doing:

dig -t TXT _netblocks.google.com @ns1.google.com

However, there is no guarantee that this list is static (moreover, it is known to change from time to time), and there is no programmatic way in which I could automate the use of adding the IP address that I get from copying to the Google Console developers.

This leaves me with two options:

  • Forget about GAE for this project, ironically, GAE cannot be used as a backend for the Google API (it’s better to use Amazon or some other solution for this). or
  • Program something like a watchdog on the output of the dig command, which will notify me of the change, and then I would manually update the whitelist (I won’t do this - it’s too dangerous) or allow all IP addresses to use the Google API, which has your API key. Not the safest solution, but it works.

Is there any other workaround? Maybe GAE does not support the use of the server side of the Google API?

0
source share
2 answers

You can use App Identity to access the Google APIs from AppEngine. See: https://developers.google.com/appengine/docs/python/appidentity/ . If you configure your application using the cloud console, it should already have added the identifier of your application with the permission of your project, but you can always check it. On the Permissions tab in the cloud console for your project, make sure your service account has been added to Service Accounts (in the form of your_app_id@appspot.gserviceaccount.com )

Also, if you use something like the JSON API Libs available for python, you can use the compiled oauth2 library to do all this for you, using AppAssertionCredentials to authorize the API you want to use. See: https://developers.google.com/api-client-library/python/guide/google_app_engine#ServiceAccounts

+1
source

Yes, you must use App Identity. Forget about getting an IP or abandoning GAE :-) Here is an example of how to use Big Query, for example, inside a GAE application:

 static { // initializes Big Query JsonFactory jsonFactory = new JacksonFactory(); HttpTransport httpTransport = new UrlFetchTransport(); AppIdentityCredential credential = new AppIdentityCredential(Arrays.asList(Constants.BIGQUERY_SCOPE)); bigquery = new Bigquery.Builder(httpTransport, jsonFactory, credential) .setApplicationName(Constants.APPLICATION_NAME).setHttpRequestInitializer(credential) .setBigqueryRequestInitializer(new BigqueryRequestInitializer(Constants.API_KEY)).build(); }
+1
source

Source: https://habr.com/ru/post/972321/

More articles:


All Articles