hands-on lab

Securing an API with Google Cloud API Gateway and OAuth 2.0

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


In this lab, you will be securing access to an API with API Gateway and OAuth 2.0. The API is written in Python and you will deploy it using App Engine. Having API Gateway in front of your API provides several benefits, such as:
  • Centralized management of your APIs,
  • Monitoring and logging, and
  • Centralized security, which is the focus of this lab.
OAuth 2.0 is an industry-standard protocol for authorization and is integrated with Google services, including as API Gateway. API Gateway support the OpenAPI definition format for API configuration. You will be using the OpenAPI definition to configure the API Gateway including a security definition using OAuth 2.0. To test the OAuth security mechanism, a simple JavaScript client application is used to authenticate with Google and securely request access to the protected API resource.

Learning Objectives

Upon completion of this lab you will be able to:

  • Deploy API Gateway in front of your APIs
  • Use OpenAPI to configure API Gateway
  • Use OAuth 2.0 to secure your APIs
  • Explain the basic concepts of OAuth 2.0

Intended Audience

This lab is intended for:

  • Software Developers
  • API Developers
  • Security Engineers


You should possess:

  • A basic understanding of Python
  • A basic understanding of JSON or YAML format is helpful but not required


June 13th, 2024 - Resolved IAM permission issue

April 27th, 2024 - Lab topic refactored to focus on OAuth 2.0 and API Gateway as the comparison with Cloud Endpoints became less relevant as the Cloud Endpoints Framework supports only deprecated runtimes (Python 2.7 and Java 8)

December 6th, 2023 - Addressed user ban issue and promptly added a warning

August 26th, 2022 - Resolved an issue causing the test application to not enable the sign in button

May 26th, 2022 - Correct error within VM instance

Environment before

Environment after

About the author

Logan Rakai, opens in a new tab
Lead Content Developer - Labs
Learning paths

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

LinkedIn, Twitter, GitHub

Covered topics

Lab steps

Signing In to the Google Cloud Console
Creating an OAuth Client Application for Google Authentication
Deploying the API to App Engine
Creating API Config and API Gateway
Testing API Gateway Output