Testing Your API

If everything went according to plan, you should be able to authenticate with your API using the new key! Note, though, that it could take a few minutes before all these changes take effect in your GCP environment, so don’t worry if things behave oddly for a few minutes.

Let’s test things out using curl again. We’re gonna try a few things:

1. Call the GET and POST endpoints using the Cloud Run service’s URL without providing a key to confirm they do not allow unauthenticated connections.
2. Call the GET and POST endpoints using the Cloud Run service’s URL with the key to confirm they do not allow API key authentication directly.
3. Call the GET and POST endpoints using the API Gateway’s URL without providing a key to confirm they don’t allow unauthenticated connections.
4. Call the GET and POST endpoints using the API Gateway’s URL with the key to confirm they work properly.

Again, we can use gcloud to find those URLs again.

Cloud Run URL

gcloud run services describe {{CLOUD_RUN_SERVICE_NAME}} --region={{GCP_REGION}} --project={{PROJECT_ID}}

Where:

• {{CLOUD_RUN_SERVICE_NAME}}: Name of our backend Cloud Run service (e.g. api-gateway-demo).
• {{GCP_REGION}}: The region where our Cloud Run service was deployed (e.g. us-central1).
• {{PROJECT_ID}}: Name of the Google Cloud project you’re using for the tutorial (e.g. api-gateway-key-auth-demo)

Look for the URL in the results:

API Gateway URL

gcloud api-gateway gateways describe {{GATEWAY_ID}} --location={{GCP_REGION}} --project={{PROJECT_ID}}

Where:

• {{GATEWAY_ID}}: Name of the API Gateway we created (e.g. demo-api-gateway).
• {{GCP_REGION}}: The region where our API Gateway was deployed (e.g. us-central1).
• {{PROJECT_ID}}: Name of the Google Cloud project you’re using for the tutorial (e.g. api-gateway-key-auth-demo)

Look for the defaultHostname:

GET Tests

Execute the following curl commands, replacing the {{YOUR_CLOUD_RUN_URL}}, {{YOUR_API_GATEWAY_URL}}, and {{YOUR_API_KEY}} placeholders with the appropriate values you found earlier.

1. curl {{YOUR_CLOUD_RUN_URL}}/get/helloworld
2. curl -H "x-api-key: {{YOUR_API_KEY}}" {{YOUR_CLOUD_RUN_URL}}/get/helloworld
3. curl {{YOUR_API_GATEWAY_URL}}/get/helloworld
4. curl -H "x-api-key: {{YOUR_API_KEY}}" {{YOUR_API_GATEWAY_URL}}/get/helloworld

Call #1 and #2 should return a 403 Forbidden error from the Cloud Run service:

Call #3 should return a 401 Unauthenticated message from the API Gateway:

While Call #4 should return our expected “Hello, World!” message:

POST Tests

Execute the following curl commands, replacing the {{YOUR_CLOUD_RUN_URL}}, {{YOUR_API_GATEWAY_URL}}, and {{YOUR_API_KEY}} placeholders with the appropriate values you found earlier.

1. curl -X POST -H “Content-type: application/json” {{YOUR_CLOUD_RUN_URL}}/post/add -d '{"num1": 10, "num2":30}'
2. curl -X POST-H "x-api-key: {{YOUR_API_KEY}}" -H "Content-type: application/json" {{YOUR_CLOUD_RUN_URL}}/post/add -d '{"num1": 10, "num2":30}'
3. curl -X POST-H "x-api-key: {{YOUR_API_KEY}}" -H "Content-type: application/json" {{YOUR_API_GATEWAY_URL}}/post/add -d '{"num1": 10, "num2":30}'
4. curl -X POST-H "x-api-key: {{YOUR_API_KEY}}" -H "Content-type: application/json" {{YOUR_API_GATEWAY_URL}}/post/add -d '{"num1": 10, "num2":30}'

And we expect results similar to those we saw with the GET tests:

Call #1 and #2:

Call #3:

And Call #4:

Conclusion

And there you have it… a Google hosted API authenticated using API keys, thanks to Google API Gateway.

Enjoy, and don’t forget to pop back into the console and delete anything you don’t actually need!