Microservices with App Engine and API Gateway - google-app-engine

I have several microservices hosted using GAE Stadard. Currently the UI communicates directly with each service. I'd like to setup an API gateway so the traffic will be routed to the correct service based on path. E.g. any requests starts with /products will go to service A, while /orders will go to service B.
Is it something can be done using Google Cloud, without having to develop a new routing service?
Thanks in advance

There is a New Feature in Beta for App Engine that allow you to setup and deploy an API gateway for your services, which is exactly what you want to do.
You can check details and a tasklist of how to set it up in this Documentation.

Related

Is there a way to limit only allow incoming requests from other App Engine services?

I have four services running within the same app on App Engine. I have a frontend SvelteKit application, and three backend services. If possible, I'd like to set up security in such a way that the backend services will only accept HTTP requests from the frontend application (which sends all API requests via its Node server).
Is there a way of doing this without spending a load of money on a Serverless VPC Access connector?
Ideally I want to keep these all within the same GCP project as well. So far the only solution I can come up with is to ship the services with a secret that they check against when receiving a request, but there must be a better way to do it.
Take a look at Identity Aware Proxy
Pay attention to the part of the above documentation that says
In order to make a resource publicly-accessible (while sibling resources are restricted), grant the IAP-secured Web App User role to allUsers or allAuthenticatedUsers.
Per your use case, your front-end application will be available to the public while your 3 backend services will only be available to the front-end application
Since your backend services are now secured (via IAP), you have to programmatically invoke them in your front end. See documentation on how to do that.

Security between Google App Engine projects

How do I ensure that only a specific Google App Engine project can communicate with another web endpoint located in an other GAE Project.
I want to lock communication between App Engine Projects.
What would be the best way to accomplish this ?
The best way would be to make use of the request header X-Appengine-Inbound-Appid within your App Engine web endpoint application to assert the identity of your specific App Engine app that should be allowed to communicate. This header is added to the request by the URLFetch service and is not user modifiable.
Detail documentation can be found at https://cloud.google.com/appengine/docs/python/appidentity/#Python_Asserting_identity_to_other_App_Engine_apps
Not tested, but I thought application itself is admin, so how about like this?
Add login: admin to all handlers in app.yaml
Go to Google Developer Console, project -> Permissions, then Add project account which you want to communicate with into service accounts.
I hope it works.

how can I use google app engine with an application in phonegap

I have been developing a Phonegap client application, I need to create a web service that storage all the data that i will be sending through the app.
I want to use google app engine to create the database and the web service.
I have read a lot, but i don't find a concrete example of how to do it and how to call the web service then from the application with phonegap.
Anyone have an example of how to do this?
You can use Cloud Endpoints with your app:
Google Cloud Endpoints consists of tools, libraries and capabilities
that allow you to generate APIs and client libraries from an App
Engine application, referred to as an API backend, to simplify client
access to data from other applications. Endpoints makes it easier to
create a web backend for web clients and mobile clients such as
Android or Apple's iOS.
For mobile developers, Endpoints provides a simple way to develop a
shared web backend and also provides critical infrastructures, such as
OAuth 2.0 authentication, eliminating a great deal of work that would
otherwise be needed. Furthermore, because the API backend is an App
Engine app, the mobile developer can use all of the services and
features available in App Engine, such as Datastore, Google Cloud
Storage, Mail, Url Fetch, Task Queues, and so forth. And finally, by
using App Engine for the backend, developers are freed from system
admin work, load balancing, scaling, and server maintenance.
It is possible to create mobile clients for App Engine backends
without Endpoints. However, using Endpoints makes this process easier
because it frees you from having to write wrappers to handle
communication with App Engine. The client libraries generated by
Endpoints allow you to simply make direct API calls.
Available in Python | Java
we have done similar thing for our Cordova/ionic based application. Its very simple and straight forward using javascript client of google cloud endpoint.

Google App Engine Backends not associated to any Frontend

I'm developing a Java app in GAE, which offers an API through Google Cloud Endpoints.
Basically it receives requests in the endpoints and uses a number of web services from different providers, stores some data and returns some data through the endpoints...
I understand that my app is conceptually a backend, because it doesn't provide any web page, but only the endpoints, don't you think so?
But there's no way to create only a backend, without being associated to any frontend app, is there? At least Google Plugin for Eclipse only allow you to "Generate App Engine Backend", from an existing app, and moreover this app must be an Android project...
I'm using it as a frontend and there's no problem, but apart from the conceptual issue, I've read that backends are kind of optimized to be backends, with more memory and CPU...
I think you're just confused because the Cloud Endpoints documentation uses the word 'backend' to refer to the entire cloud-hosted server implementation. It doesn't specifically refer to the use of GAE backend instances. Endpoint requests can be served by frontend or backend instances, based on how you set them up and the url being accessed.
From the App Ending docs:
"When an application is called to serve a web request, it must issue a response within 60 seconds"
"App Engine Backends are instances of your application that are exempt from request deadlines and have access to more memory (up to 1GB) and CPU (up to 4.8GHz) than normal instances."
So unless you're requests are doing something crazy, you don't need to use a backend. In the google-plugin-for-eclipse, "generate appengine backend" is talking about creating a backend for your android app... a server for your android app to contact (in this case your android app is the frontend and you're appengine app is the backend). In the example app you can remove the web side (index.html) to the appengine application and you'll have no web frontend. Index.html is using the gapi javascript library to make endpoints calls to your appengine service.

Does Google App Engine Support JAVA Proxy API's?

I have a question surrounding the REST service. I have an application written in C# , i want to put this application onto the cloud. I have a small problem, My Application has a built in C# API. I want to interact with my application and Google app engine. I want to develop a JAVA PROXY on top of GAE so that it can interact with my application using REST protocol and performs CRUD operations on Cloud and returns back data to my application.
Is it possible to do this ? to what i know is that SANDBOX feature doesn't allow us to directly interact with the App Engine.
Any suggestion on this.........
Thanks Heaps
Suraj
You don't need Java Proxy API in order to make http requests to another server (I guess you did not have java's Proxy class in mind?).
Yes, AppEngine can make HTTP/REST requests to other servers via URL Fetch java API.

Resources