Is there a way to secure Google cloud endpoints proto datastore?

Question

my setup:

1. Python, google app engine using endpoints_proto_datastore
2. iOS, endpoints Obj-C client library generator

Background

<

Answer 1

An excellent question and a real problem. I solved it by having my own "user" database table. The Long key (I use Java) is auto-generated on write and that is the value I use to uniquely identify the user from then on. Also written to that table are the Google ID (provided if being called through a web page), email address, and iOS id (when using the iOS app while not signed-in to a Google account).

When my AppEngine endpoint gets called, I use information that is present in the User parameter (just the authenticated email address for signed-in clients) or a separate, optional iosid parameter in order to fetch my internal userid number from said table and use that from then on to uniquely identify my user.

I use the same table to store other user-specific information, too, so it really isn't any different than trying to use current_user as a primary key other than I had to make three fields (googleid, email, iosid) indexed for lookup.