Securing and Rate Limiting API calls using API Gateway


1 hour 30 minutes 7 Credits

GSP882

Google Cloud Self-Paced Labs

Introduction

API Gateway supports multiple authentication methods suited to different applications and use cases. The authentication method you specify in your API config determines how client requests are validated before they are given access to backend services. API Gateway uses two main authentication methods, and which one applies depends on the client: API Keys and User Authentication.

API Keys provide project identification and authorization and typically are used to identify an application and validate that it has been granted access to call the API being requested. The API Key used to identify the client application is generated in a Google Cloud Project that is provided access to the set of APIs it needs to consume. The API Key can also be utilized to identify usage information associated with the calling client application.

In contrast, authentication schemes provide a secure way of identifying a calling user and typically serve two purposes, User Authentication and User Authorization:

  • User Authentication is leveraged to securely verify that the calling user is who they claim to be.
  • User Authorization is leveraged to check whether the user should have access to make a client request.

You can find more information on various Use Cases for API Keys on the documentation page.

API Gateway can also limit client requests by enforcing quotas or controlling the rate at which an application can call your API. This is also known as rate limiting. Setting a quota for your API is important because it lets you specify usage limits that protect your backend services from an excessive number of requests from calling applications.

The benefits of doing this are many. It allows you to:

  • Protect the health of your backend services
  • Maintain cost efficiency of running services on the cloud
  • Ensure that one application cannot negatively impact other applications consuming your API

More information on using Quotas can be found on the documentation page.
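
The two controls described above, shown together as an added example that is not part of the lab's own text: an OpenAPI 2.0 API config for API Gateway that requires an API key on one method and applies a per-project, per-minute quota to it. The API name, path, backend address placeholder and limit value are assumptions.

```yaml
# Added example: OpenAPI 2.0 API config for API Gateway (all names are placeholders).
swagger: "2.0"
info:
  title: example-api            # hypothetical API name
  version: "1.0.0"
schemes:
  - https
produces:
  - application/json
# Backend that the gateway forwards validated requests to (placeholder URL).
x-google-backend:
  address: https://BACKEND_SERVICE_URL
# Quota: define a metric, then a per-project, per-minute limit on it.
x-google-management:
  metrics:
    - name: read-requests
      displayName: Read requests
      valueType: INT64
      metricKind: DELTA
  quota:
    limits:
      - name: read-limit
        metric: read-requests
        unit: "1/min/{project}"
        values:
          STANDARD: 5           # constructed value, chosen low so the limit is easy to hit
# API key scheme: the client sends its key as the "key" query parameter.
securityDefinitions:
  api_key:
    type: apiKey
    name: key
    in: query
paths:
  /hello:                       # hypothetical path
    get:
      operationId: hello
      # Without this "security" entry the method is callable with no key,
      # and usage cannot be attributed to a calling project.
      security:
        - api_key: []
      # Each call to this method consumes 1 unit of the read-requests metric.
      x-google-quota:
        metricCosts:
          read-requests: 1
      responses:
        "200":
          description: OK
          schema:
            type: string
```

The quota is counted per calling project, and the gateway learns which project is calling from the API key, so the `security` entry and the `x-google-quota` entry belong on the same method.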

In this lab you will deploy an API to API Gateway and make enhancements to improve its security and rate limiting configuration.
