“Sessions” with Google Cloud Endpoints

Question

This question is only to confirm that I\'m clear about this concept.

As far as I understand, Google Cloud Endpoints are kind of Google\'s implementa

Answer 1

Yes, your Cloud Endpoints API backend code (Java or Python) is still running on App Engine, so you have the same access to all resources you would have on App Engine.

Though you can't set client-side cookies for sessions, you still can obtain a user for a request and store user-specific data in the datastore. As @Shay Erlichmen mentioned, if you couple the datastore with memcache and an in-context cache (as ndb does), you can make these lookups very quick.

To do this in either Python or Java, either allowed_client_ids or audiences will need to be specified in the annotation/decorator on the API and/or on the method(s). See the docs for more info.

Python:

If you want to get a user in Python, call

endpoints.get_current_user()

from within a request that has been annotated with allowed_client_ids or audiences. If this returns None, then there is no valid user (and you should return a 401).

Java:

To get a user, on an annotated method (or method contained in an annotated API), simply specify a user object in the request:

import com.google.appengine.api.users.User;

...

  public Model insert(Model model, User user) throws
      OAuthRequestException, IOException {

and as in Python, check if user is null to determine if a valid OAuth 2.0 token was sent with the request.

Answer 2

Yes you can use session, only put another Paramether in your API method with HttpServlet:

@ApiMethod
public MyResponse getResponse( HttpServletRequest req, @Named("infoId") String infoId ) {
    // Use 'req' as you would in a servlet, e.g.
    String ipAddress = req.getRemoteAddr();
    ...
}

Answer 3

The datastore is pretty quick especially if you do a key lookup (as apposed to query). if you use NDB then you will have the benefit of auto memache your lookups.