
Is it possible to use a custom, user-defined API key to authenticate to an API hosted on API Gateway? The key generated via the APIs & Services > Credentials page is auto-generated and not editable.

My use case is that my client application is running in a sandboxed environment that doesn't provide access to the underlying runtime (OS, file system, etc.). Only a limited set of APIs that the environment exposes can be used, which includes an API to make HTTPS calls and another API to get a unique key that can be used as a sort of password to authenticate that calls are coming from the sandboxed environment. Hence, I was thinking of using this key to authenticate to API Gateway.

If this is not supported, how can I securely access my backend APIs? One option is to validate the key in my backend hosted on Cloud Functions or Cloud Run, but I believe that would be very susceptible to denial-of-service attacks where a malicious user can bombard it with unauthenticated requests.

I also briefly went over the second authentication mechanism, using a service account and signing a JWT token, but I believe that requires storing the access key JSON file, and I don't have access to any secure file system to store it.

OC_dev
You can check this [documentation](https://cloud.google.com/api-gateway/docs/authentication-method) that provides an outline for each supported authentication method in API Gateway. This [documentation](https://cloud.google.com/api-gateway/docs/securing-backend-services) might possibly help with regard to securing backend services. – DominicT Jul 19 '23 at 21:50

0 Answers