You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Cloud Endpoints is a distributed API management system on Google Cloud. It provides authentication, monitoring, logging, and API key validation for APIs hosted on any Google Cloud compute platform — Compute Engine, GKE, Cloud Run, or App Engine. Unlike API Gateway, Cloud Endpoints supports both REST and gRPC APIs and works with backends beyond serverless services.
Cloud Endpoints is an API management layer that uses the Extensible Service Proxy (ESP) or ESPv2 — a high-performance, Envoy-based proxy — to intercept API requests, validate authentication, enforce quotas, and report metrics. You deploy ESP alongside your backend service, and it handles cross-cutting API management concerns.
| Feature | Description |
|---|---|
| OpenAPI & gRPC support | Define APIs using OpenAPI 2.0 or Protocol Buffers |
| ESP/ESPv2 proxy | High-performance Envoy-based proxy for request interception |
| Authentication | API keys, Google ID tokens, Firebase, Auth0, custom JWT |
| Monitoring | Automatic integration with Cloud Monitoring |
| Logging | Detailed request logs in Cloud Logging |
| Quotas | Per-consumer rate limiting and quota enforcement |
| Developer Portal | Auto-generated API documentation and developer portal |
Cloud Endpoints architecture consists of three components:
Your API is defined using an OpenAPI 2.0 specification (for REST APIs) or a Protocol Buffer service definition (for gRPC APIs). This specification describes the endpoints, methods, request/response schemas, and authentication requirements.
ESPv2 is a lightweight, high-performance proxy based on Envoy. It runs as a sidecar alongside your backend service. For each incoming request, ESP:
Google's Service Infrastructure handles service management (deploying API configs), service control (authentication, quota enforcement), and monitoring/logging.
# Step 1: Deploy your backend service
gcloud run deploy my-backend \
--image europe-west2-docker.pkg.dev/my-project/repo/backend:latest \
--region europe-west2 \
--no-allow-unauthenticated
# Step 2: Deploy the OpenAPI spec to Service Management
gcloud endpoints services deploy openapi.yaml
# Step 3: Deploy ESPv2 as a Cloud Run service
gcloud run deploy my-api-gateway \
--image gcr.io/endpoints-release/endpoints-runtime-serverless:2 \
--set-env-vars "ENDPOINTS_SERVICE_NAME=my-api.endpoints.my-project.cloud.goog" \
--region europe-west2 \
--allow-unauthenticated
On GKE, ESPv2 runs as a sidecar container in the same pod as your backend service.
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.