Hi Team,
I have configured my openapi.yaml to restrict access to one of the API endpoints with the following quota settings:
x-google-management:
metrics:
- name: “read-requests”
displayName: “Read requests”
valueType: INT64
metricKind: DELTA
quota:
limits: - name: “read-limit”
metric: “read-requests”
unit: “1/min/{project}”
values:
STANDARD: 3
Here is the relevant path configuration:
paths:
/v1/ds:
get:
summary: Retrieve Data
operationId: getAggDailyData
x-google-backend:
path_translation: APPEND_PATH_TO_ADDRESS
address: ${PUB_API_FNC_URL}
x-google-quota:
metricCosts:
“read-requests”: 1
*no security def
*the backend of the api gateway path is a cloud function
Issue:
When I add the x-api-key header to the request, the quota limits are not being enforced, regardless of the value provided in the header. However, when the x-api-key header is not included, the quota works as expected.
Details:
There are no security definitions configured in the OpenAPI spec.
The x-api-key is not explicitly associated with any project in the configuration.
Could you help me understand why the quota enforcement is bypassed when the x-api-key header is present and how I can resolve this?
Thanks in advance for your assistance!