I've developed some Google flex endpoints. They work locally, but when I deploy the app (gcloud app deploy) I get an HTTP status 403 Forbidden. I'm using AJAX to call the endpoint like this:
```javascript
var echoEndpoint = function() {
  $.ajax(userBaseUrl+'/echo', {
    headers: {'Authorization': 'Bearer ' + userIdToken},
    type: 'GET',
    data: "key=my special key"
  });
};
```
I'm protecting the endpoint with an API key and passing the userIdToken in the header. The above code produces the 403 Forbidden. But if I remove the header it works, albeit with no user token. Here is the code that will NOT produce the 403:
```javascript
var echoEndpoint = function() {
  $.ajax(userBaseUrl+'/echo', {
    type: 'GET',
    data: "key=my special key"
  });
};
```
Here is the paths section of my openapi.yaml .....
```yaml
paths:
  "/echo":
    get:
      description: "Echo a test message."
      operationId: "echo"
      produces:
      - "application/json"
      responses:
        200:
          description: "Echo"
          schema:
            $ref: "#/definitions/echoMessage"
      x-security:
      - firebase:
          audiences:
          - "my project-id"
# ....
definitions:
  echoMessage:
    properties:
      message:
        type: "string"
```
Do I need to specify in my openapi.yaml that I'm sending a header in the request? If so, how and where? I tried to put it in the definitions section, but that yields an INVALID_ARGUMENT error when trying to deploy.