menu
arrow_back

Securing and Rate Limiting API calls using API Gateway

search share Rejoindre Se connecter

Securing and Rate Limiting API calls using API Gateway

1 heure 30 minutes 7 crédits

GSP882

Google Cloud Self-Paced Labs

Introduction

API Gateway supports multiple authentication methods that are suited to different applications and use cases. The authentication method you specify in your API config determines how client requests will be validated before providing access to backend services. There are two main authentication methods used by API Gateway and their use cases are client specific, these are: API Keys and User Authentication.

API Keys provide project identification and authorization and typically are used to identify an application and validate that it has been granted access to call the API being requested. The API Key used to identify the client application is generated in a Google Cloud Project that is provided access to the set of APIs it needs to consume. The API Key can also be utilized to identify usage information associated with the calling client application.

In contrast, authentication schemes provide a secure way of identifying a calling user and typically serve two purposes, User Authentication and User Authorization:

  • User Authentication is leveraged to securely verify that the calling user is who they claim to be.
  • User Authorization is leveraged to check whether the user should have access to make a client request.

You can find more information on various Use Cases for API Keys on the documentation page.

API Gateway also provides the ability to limit client requests by enforcing quotas or controling the rate at which an application can call your API. This is also known as rate limiting. Setting a quota for your API is important as it allows you to specify usage limits to your API to protect your backend services from an excessive number of requests from calling applications.

The benefits of doing this are many. It allows you to:

  • Protect the health of your backend services
  • Maintain cost efficiency of running services on the cloud
  • Ensure that one application cannot negatively impact other applications consuming your API

More information on using Quotas can be found on the documentation page.

In this lab you will deploy an API to API Gateway and make enhancements to improve its security and rate limiting configuration.

Inscrivez-vous sur Qwiklabs pour consulter le reste de cet atelier, et bien plus encore.

  • Obtenez un accès temporaire à Cloud Console.
  • Plus de 200 ateliers, du niveau débutant jusqu'au niveau expert.
  • Fractionné pour vous permettre d'apprendre à votre rythme.
Inscrivez-vous pour démarrer cet atelier