• Authentication vs authorization
  • Scenarios: When to use service-to-Service auth
    • Mobile apps
    • Microservices
    • Cloud to cloud

Cloud Endpoints

  • Distributed API gateway from Google
    • Manage API using same architecture as Google uses. Containerized server-local proxy and service-based control plane
  • Protect, monitor and scale APIs with distributed API management
  • Deeply integrated with GCP
    • Automatic deployment on GAE/GKE, integrations with Stackdriver Logging and Stackdriver Trace

Key Features

  • Control access, authenticate users
  • Logging
  • Any backend

OpenAPI Spec

All configuration for endpoints comes from an OpenAPI spec (aka Swagger Spec)