Cloud Endpoints: Control who can execute API through API Explorer

Question

Everyone who successfully authenticates through Google account would be able to execute the API through the API Explorer.

I would like to limit the ability to execut

Answer 1

1. Identify that the request is coming through the API explorer. One way is through the origin/referrer in the headers. For obtaining header information see this question.

And,

2. If the list of users is known, in the endpoints method raise endpoints.UnauthorizedException if the user (endpoints.get_current_user()) is not in the list.

Python sample code:

if self.request_state.headers.get('x-referer') == "https://apis-explorer.appspot.com" and endpoints.get_current_user() not in MY_LIST:
  raise endpoints.UnauthorizedException('Not Authorized')