Stay organized with collections
Save and categorize content based on your preferences.
Choosing an Authentication Method
API Gateway supports multiple authentication methods that are suited to different applications and use cases. API Gateway uses the authentication method that you specify in your service configuration to validate incoming requests before passing them to your API backend. This page provides an overview for each supported authentication method in API Gateway.
API keys
An API key is a simple string that identifies a
Google Cloud project for quota, billing, and monitoring purposes. A
developer generates an API key in a project in the Google Cloud console and
embeds that key in every call to your API as a query parameter or in a request header.
Use case
To use API Gateway features such as
quotas, you can pass in an API
key so that API Gateway can identify the Google Cloud project
that the client application is associated with. For more information, see
Using API Keys.
Service accounts
To identify a service that sends requests to your API, you use a
service account. The calling service
uses the service account's private key to sign a secure
JSON Web Token (JWT)
and sends the signed JWT in the request to your API.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-05 UTC."],[[["API Gateway offers multiple authentication methods for different applications and use cases, validating requests before forwarding them to the API backend."],["API keys, which are strings identifying a Google Cloud project, are used for quota, billing, and monitoring, and are embedded in API calls."],["Service accounts utilize JSON Web Tokens (JWTs) for secure authentication of services making requests to your API, which are well-suited for microservices."]]],[]]
