When we create End Point, it has external address to access it. So, if I try to call it from another End Point it will use some traffic.
I want to create End Point available from outside (Api), and another end point for accessing to datastorage. Second End Point shouldn't have external access, and could be called only inside App Engine from another applications (first service with external address). Just for security and minimization traffic.
So, is it possible to create End Point that available only for another End point and applications from Container Engine? Or i should do it in another way?
I find your question rather vague. Are you trying to access one endpoint from within the same app engine application? You could extract the endpoint code into a static method and call that method. There's no good reason to use endpoints for such a scenario.
If you try to access your endpoint from another App Engine application:
Cloud Endpoints are public by default. If you restrict the access things like the Google JavaScript client won't work anymore because you'll block the proper discovery of your endpoints.
You can restrict access to your endpoints by injecting the HttpServletRequest into your endpoint #ApiMethod and filter by the requester's IP or a custom header. You could also inject the User object into your endpoint method and do a service account oauth authentication to access your endpoint from another app engine instance or project.
Hope this helps
Local access to AppEngine's datastore is possible through:
JPA, JDO, the low level API (https://cloud.google.com/appengine/docs/java/datastore/) If you need a wrapper, i'm using Objectify in all my projects, but there's also slim3 (see link).
Related
Can the namespace preferences and program preferences be set via REST API calls? If yes, what is the syntax for it?
Generally in Cloud Data Fusion, when we intend to perform the action on GCP side, like create/delete/restart etc. instance, it's feasible to use domestic Google Cloud API, giving the opportunity to interact with a service endpoint via JSON/HTTP calls interface as described in Google Cloud API design document.
Dedicated to Data Fusion you can follow the Cloud Data Fusion REST API reference document, nicely explaining the methods for composing REST API HTTP calls to manage Data Fusion instances, moreover every method description from the documentation contains Google API Explorer sub-panel, to get handy experience building JSON request on a live data.
Said above, I assume your initial question is related more to CDAP REST API, as it includes the methods for pure CDAP instance metadata/namespaces/application configuration.
From the user perspective your workflow might be the following:
Identify the CDAP API endpoint as explained in this guideline;
Compose an HTTP PUT/GET request relevant to Data Fusion
Namespace/Metadata/Preferences/Configuration
object via CDAP RESTful API.
Yes of course! You have two methods.
The first method is creating it from the platform. Follow the steps below:
Open your data fusion instance
Go to System Admin => Configuration => Make HTTP calls
To create a namespace, submit an HTTP PUT request:
PUT /v3/namespaces/<namespace-id>
Link of CDAP: CDAP
The second method is using terraform.
My goal is to create a REST API Integration from Salesforce to SAP application.
SUCCESS Through Chrome APP
1. All I need to do is retrieve values from sap application through the REST API. When I tried to use the Chrome APP 'Advanced Rest Client' and have passed the appropriate URL and Content with POST method I was able to retrieve the values from local server database.
For EG : If I pass request 92126 then I was able to get response 'SAN DIEGO' which is correct.
Here is the link (https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo?hl=en-US) for Advanced REST Client.
PROBLEM from Salesforce :
I had created a remotesite setting
When I created this REST class in SAlesforce and tried invoking the End Point then it's throwing this error.
System.HttpResponse[Status=Service Unavailable, StatusCode=503]
As the web api url which is provided to us is in local sql server i.e hosted in private, as we know in Salesforce for making callouts the URLs must be in public. But the URL is in private only for the security reasons not hosted in public. We should achieve it, any way is there to achieve it? What change should be done in Salesforce or server to communicate to each other, and allows to make the callout?
It is most likely that you endpoint does not allow access from outside some ip range which you indicated by saying it's not public. Salesforce is a SaaS application hosted outside the domain that your service is on. In order for Salesforce to access that endpoint resource you need to whitelist Salesforce IP ranges, which can be found here.
Whitelisting allows Salesforce to access the resource. The only caveat is that because Salesforce is multi-tenant it means that any instance of Salesforce on the range that you whitelist would have access to your endpoint. If this is not ok, you might want to add some sort of header or sign the request to the call to that identifies your Salesforce instance uniquely from any other instance to validate that the call originated from your Salesforce org.
(I am linking to the article instead of pasting the IP ranges here because these may change in the future).
I have two microservices registrations, which is responsible for registering new users, and users, which hold information about users. Each of them has it's own database.
When a user tries to register, a call to users is made via the API, e.g.
GET users/verify?email=foo%40bar.com
to chech if the email has been already assigned to a profile. Although I could hide the access point users/verify in the public docs, it can still be accessible.
What is the best way to allow only private IPs make requests to the API?
You may use a Gateway, some alternatives are
Tyk
Kong
Netflix/Zuul
There is a nice article at https://thenewstack.io/api-gateways-age-microservices/
Keep it simple. Do it at the firewall level
Whitelist the IP(s) that you want to be able to make requests, reject the rest
I built a package in R which basically wraps around the Cloud Storage JSON API. I included a default OAuth app (that is a client id and client secret, see documentation) in the package. The client id and secret are created and hosted in my own cloud platform project with my billing details. The R package uses the OAuth app to ask for end user's authentication before any API calls and stores the token for the end user. Any subsequent API calls are sent with the retrieved token.
I noticed that the stats about the end users' API calls are showing up in my own project because it hosts the OAuth app. In this case, do I get charged for those API calls by end users?
All calls to GCS are always billed to the bucket that they reference. Calls that don't specify a specific bucket, like "list buckets in a project", are billed to the project in question.
Your JAVA JavaScript Structructured Omitts Notations are very local and require a great deal with NAMESPACE as it will resolve quite rampantly if not given a proper address pool I suggest Googles DNS alongside subsequent calls within the given IP zone 10.10.10.10/12 etc ... As higher languages like human language tend to fall outside these zone and need to be delegated ... Might be jumping from 0.0.0.0 to higher address pools without knowing can be a pain.
We've a custom rigging of Sugar (using GWT for various front end stuff), and we use the SOAP API for much of our querying (vs. directly to the DB).
One of the API calls to check credentials is get_available_modules, which returns all available modules for a given user. How could a user have access to a module in the web interface, but not via a SOAP call (same session id?).
Not entirely sure on your question. Do you want a user to hve access to one set of modules from web and another set via soap? Or is there a difference on you setup?
First off, there should not be a difference between a user's available modules on web and soap calls.
If you want a different set for each access method, you need to change e.g. "get_available_modules" in the soap web service. One crude approch could be to make an override array in config_override.php abd check against that array in the soap function.