Hi, By default, endpoints can be called by anyone, however, if your users Google Accounts (most Android users do), you can lock the API's down https://cloud.google.com/appengine/docs/java/endpoints/auth
If you would like to lock down your API to only your Android App for non-Google accounts, you could either pass a unique key known to your apps along with each call, roll your own tokens, or for more security, your app could also use a custom trust manager <https://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html> using x.509 certs on Android and verify those on the AppEngine side <https://sites.google.com/site/oauthgoog/authenticate-google-app-engine-app> . Note - I've never tried using certificate validation on App Engine, so take the comment w/ a grain of sand, but this should be the most secure approach. On Sun, Dec 14, 2014 at 8:27 AM, Gannicus <[email protected]> wrote: > Hello, > > I am using Cloud Endpoints with Java to create my API and I would like to > be used only by my android client application. > I read the Google documentation and it seems like I have to generate an ID > thanks to the SHA1 fingerprint. > > However I would like to have a confirmation on this: > > 1) Does it really restrict API calls to my android client only? I don't > want any possibility to call it thanks to a REST client, a browser or > something like that. > > 2) Some part I didn't understand -I read something about it on Stack > Overflow- : do the users have to own a google account to use my android > client then? > > Thank you. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/google-appengine. > For more options, visit https://groups.google.com/d/optout. > -- Les Vogel | Cloud Developer Relations | [email protected] | 408-676-7023 -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
