App Engine API and Secret Key

Question

I need to set up an API key and API secret for a Web service on Google App Engine. My goal is for a third-party application to provide those two keys to access the Web service. The third-party application can be written in PHP or Java, for example. My App Engine application is written in Java.

• What I did so far:
  I followed this tutorial https://cloud.google.com/eclipse/docs/creating-new-webapp and now I can reach the app using a Web browser by going to https://my-ip-address/hello. I searched the Web and tried different things like the "Credentials" tab in the Google Console but I can still reach it on /hello without providing any API Key.
  
  
• What I need:
  I need to generate API Keys and API Secrets that I can provide to end-user applications to be able to access my API.

Found no similar questions on Stack Overflow. I could be doing it all wrong. Looking to hear from you.

Answer 1

In the Google Cloud Endpoints documentation there is a Choosing an Authentication Method section. Also look at Why and When to Use API Keys in which they explain:

API keys are for projects, authentication is for users

Google Cloud Endpoints handles both API keys and authentication schemes (such as Firebase or Auth0). The main distinction between these two is:

• API keys identify the calling project — the app or site — making the call to an API

• Auth tokens identify a user — the person — that is using the app or site .....

In general there's a lot of docs explaining the differences between authentication method and how to use them (see below image).

If you're definitely sure of what you need, Restricting API Access with API Keys is the way to go.