Secure Google Cloud Functions with API Gateway

Photo by Sara Julie on Unsplash — This glass probably need an API Gateway


In this tutorial and the following one, I will show how to create two Google Cloud Functions (GET and POST) and set up a secured and monitorable API using API Gateway.


This tutorial assumes you have :

Create Google Cloud Functions

Create two folders : listSmoothies and orderSmoothie and create empty files and requirements.txt :

mkdir listSmoothies
mkdir orderSmoothie
touch listSmoothies/
touch orderSmoothie/
touch listSmoothies/requirements.txt
touch orderSmoothie/requirements.txt
gcloud functions deploy listSmoothies --region=europe-west2 --trigger-http --entry-point listSmoothies --runtime python38 --no-allow-unauthenticated
gcloud functions deploy orderSmoothies --region=europe-west2 --trigger-http --entry-point orderSmoothies --runtime python38 --no-allow-unauthenticated

Create the API

  1. Connect to your Google Cloud Console :
gcloud services enable 
gcloud services enable
gcloud services enable

API Part

Give your API a display name and an ID using small caps and hyphens ONLY.

Name : SmoothAPIID : smoothapi

API Config Part

  1. Keep “Create new API config”
Api Config Name : Medium Config
Select “Cloud Function Invoker”

Gateway part

Give a name to the Gateway and a region.

Name : SmoothAPI Gateway


Click deplooooy!

Access the API

After deployment, click the API name.

Huuuuurrrrayyyyyy!! Instagramable smoothies!!

Rate Limit & Secure the API with API Keys

Adding quotas to the API isn’t an easy task : it’s not documented in API Gateway documentation.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Beranger Natanelic

Beranger Natanelic

Future Unicorn Founder — Using tech for good