0

I am trying to service a public website from a Google Cloud SQL database (MySQL).

Since it is a public website, I found out the only way for me to gain access in to use an API Key, and add it it to the request like that: ...?key=FHkdvfio.....

If I understand correctly, the Cloud SQL DB end point should look something like that:

jdbc:google:mysql://<my-instance-ip>:3306/<my-database-name>?key=....

What I could not find, is an example of how to actually send SQL queries from JavaScript using this API Key.

The reason I'm using JavaScript is because the web client is actually Google Apps Script driving a Google Sheet, with its pre-cursor JavaScript language.

Since it is a PUBLIC, ANONYMOUS website, I cannot use any of the Google provided libraries for Apps Script or connection/authentication methods, as the end user is not known, nor identified or logged-into any known Google account from any known IP address. Hence, the API Key method.

Can anyone point me in the right directions please?

Improve this question
2
  • Not super familiar with Apps Script, but I assume you've looked at this: developers.google.com/apps-script/guides/jdbc? Commented Aug 31, 2021 at 15:36
  • Yes enocom. This is for identified users, not for anonymous public website. Commented Sep 1, 2021 at 12:37

2 Answers 2

Reset to default
1

In short; you shouldn't do this as it is an insecure practice and API keys are unsupported by the MySQL database engine. You generally don't want to allow public access even to connect to your database, as it can expose security risks.

Typically, websites handle this by using API calls to the backend server, which are authenticated in some way. You could replicate this pattern by hosting your own service (perhaps in Cloud Functions or Cloud Run) that authenticates requests and performs queries needed to the instance.

Alternatively, consider using a managed service (perhaps Firestore) that does have this functionality. Firestore will also be "pay for what you use", meaning it's cost will scale with your traffic.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you, kurtisvg. I figured it is not possible this way.
0

I presume you are following this document to use API Key in Cloud SQL. Please note that the API Key mentioned in that document is for requests sent to Cloud SQL Admin API and Cloud SQL Admin API is the API for Cloud SQL instance management and not for accessing data stored in the Cloud SQL databases. You can refer to this document to understand more about Cloud SQL Admin API.

As mentioned in this document the recommended way to connect to a Cloud SQL MySQL instance is using Jdbc.getCloudSqlConnection(url). The url should have the form jdbc:google:mysql://subname, where subname is the instance connection name listed on the Cloud SQL instance Overview page in the Google Cloud Platform Console, which has the format: PROJECT-ID:REGION:INSTANCE-ID, instead of <my-instance-ip>:3306/<my-database-name>.

In order to access databases in Cloud SQL instances, you need to provide appropriate username and password. You can refer to the sample codes mentioned here.

Improve this answer

1 Comment

Thanks Prabit. Yes, with a signed-in user it's clear. I wanted an anonymous public website. Not using Cloud SQL for this then.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.