Tags: google-cloud-platform, jwt, google-cloud-endpoints, service-accounts

Can GCP service account keys be used as a direct substitute for Cloud Endpoints api keys?


Is it possible to create google API KEY programmatically?

I did see the above question but I wanted to verify its functionality for my use case. I have a REST API deployed to Google App Engine for which I want to introduce some API key mechanism for external users. I'm not making a website where I would just be trying to make sure it's only my code talking to my code from front-end to back-end; it's a public API that anyone with valid credentials is able to access.

Google Cloud Endpoints will only authenticate API keys generated through GCP, so my thinking goes that if it's possible to create a service account and an associated ServiceAccountKey via HTTP request, then it could be plausible to generate API keys (service account keys) for any prospective user by generating a service account per user and then giving them the relevant private key that will allow them to authenticate through Cloud Endpoints (JWT signing?).

It sounds like a good plan to me but in all likelihood I'm missing something that makes this a terrible idea. Thoughts? Has this been done before/proven?


Solution

  • TL;DR: Wrong way

    First, an API key on GCP can only authenticate a GCP project, not a user or a service account.

    Then, a service account key file is not an API key. It's a secret identity that you can use for generating an OAuth2 JWT token (identity token) according to the OAuth2 flow. This identity token can be provided for authentication (and it's valid for only 1 hour).

    In addition, you are limited to 100 service accounts per project, and the purpose of a service account is to authenticate an app, not a user. If you want to authenticate users, I recommend you have a look at Cloud Identity Platform.

    Finally, API key generation has evolved very recently (about 1 month ago) and .... I would like to find the doc again, but it's a dead link. Maybe the beta is not ready yet.

    Note: Maybe the answer that I performed here (just now) can help you?