You could use Firebase[1] with App Engine to control who and what have access and where on your application. Or you could control the access of your app using the different role available for App Engine[2]
[1] https://cloud.google.com/appengine/docs/standard/python/authenticating-users-firebase-appengine [2] https://cloud.google.com/appengine/docs/standard/nodejs/roles On Wednesday, March 18, 2020 at 6:16:45 AM UTC-4, Serhii Diukarev wrote: > > And how can I configure the same (security constraints > <https://cloud.google.com/appengine/docs/standard/java/config/webxml#Security_and_Authentication>) > > for Nodejs? Couldn't find the solution yet... > > On Friday, July 28, 2017 at 10:28:58 PM UTC+3, Yannick (Cloud Platform > Support) wrote: >> >> Hello, welcome to the forums. >> >> 1) You can choose which URLs you want to restrict in your Java >> application using security constraints >> <https://cloud.google.com/appengine/docs/standard/java/config/webxml#Security_and_Authentication>. >> >> That way only someone logged in as a developer or your application itself >> can access that endpoint. >> 2) There are many ways to implement having a staging and production >> environment. You could use a separate service >> <https://cloud.google.com/appengine/docs/standard/java/an-overview-of-app-engine> >> as >> your staging environment. Several App Engine services such as Datastore >> will also let you use namespaces >> <https://cloud.google.com/appengine/docs/standard/java/multitenancy/> to >> keep the data of your environment separates. Finally you could simply >> create a different cloud project and use that as your staging environment. >> >> I hope this helps. Let me know if I can clarify anything for you. >> >> On Friday, July 28, 2017 at 12:39:06 PM UTC-4, Raunak Gupta wrote: >>> >>> **Hoping to get some insights from the community. ** >>> >>> With a Google Endpoint version 2 app (Java 8) deployed on GAE, the >>> project becomes available under the url <project-name>.appspot.com. >>> >>> I had few questions around deployment and security: >>> >>> 1. The URL <project-name>.appspot.com is accessible by everyone by >>> default. How do I restrict it so only that Endpoint only responds to >>> requests coming from my domain or my sub-domain. >>> 2. How do you go about deployment such that you have a staging >>> environment and a production environment >>> >>> Many thanks for your time responding to this. >>> >> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/a018e031-a5e7-4f90-9d4d-88fdd33ea31a%40googlegroups.com.
