GCP Cloud Functions & API Gateway

Complete Deployment Guide with Terminal Commands

Table of Contents

Initial Setup

Basic Authentication & Project Setup
# Authenticate with GCP
gcloud auth login

# List all projects
gcloud projects list

# Set the active project
gcloud config set project PROJECT_ID
# Set environment variables for easier reference
export PROJECT_ID="your-project-id"
export REGION="us-central1"

# Verify variables are set
echo "Project ID: $PROJECT_ID"
echo "Region: $REGION"

Enable Required Services

Basic Enable GCP Services
# Enable all required services
gcloud services enable cloudfunctions.googleapis.com \
  run.googleapis.com \
  cloudbuild.googleapis.com \
  artifactregistry.googleapis.com \
  apigateway.googleapis.com \
  servicemanagement.googleapis.com \
  servicecontrol.googleapis.com \
  logging.googleapis.com \
  --project=$PROJECT_ID
Tip: You can check which services are already enabled with:
gcloud services list --enabled --project=$PROJECT_ID

IAM Roles for Developers

Intermediate Required IAM Roles
# List of roles needed for Cloud Functions and API Gateway development:
# roles/apigateway.admin
# roles/cloudfunctions.admin
# roles/cloudfunctions.invoker
# roles/iam.serviceAccountUser
# roles/serviceusage.serviceUsageViewer
# roles/serviceusage.serviceUsageConsumer
# roles/logging.viewer
# roles/monitoring.viewer
# roles/serviceusage.serviceUsageAdmin
# Grant a user the necessary roles
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="user:user@example.com" \
  --role="roles/cloudfunctions.admin"

# Repeat for other required roles

Deploy Cloud Functions

Intermediate Deploy Cloud Functions
# Deploy a public HTTP function (no authentication)
gcloud functions deploy getHelloWorld \
  --gen2 \
  --runtime nodejs20 \
  --trigger-http \
  --region $REGION \
  --allow-unauthenticated \
  --source="./functions/getHelloWorld" \
  --entry-point="getHelloWorld" \
  --project="$PROJECT_ID"
# Deploy a private HTTP function (requires authentication)
gcloud functions deploy getUserData \
  --gen2 \
  --runtime nodejs20 \
  --trigger-http \
  --region $REGION \
  --no-allow-unauthenticated \
  --source="./functions/getUserData" \
  --entry-point="getUserData" \
  --project="$PROJECT_ID"
Note: After deployment, you'll get URLs like:
https://$REGION-$PROJECT_ID.cloudfunctions.net/getHelloWorld
https://$REGION-$PROJECT_ID.cloudfunctions.net/getUserData

Deploy API Gateway

Advanced API Gateway Deployment
# Set environment variables for API Gateway
export PROJECT_ID="your-project-id"
export REGION="us-central1"
export GATEWAY_NAME="user-check-gateway"
export API_NAME="user-check-api"
export API_CONFIG="user-check-config"
export API_YAML="api-gateway.yaml"
# Step 1: Create the API
gcloud api-gateway apis create "$API_NAME" --project="$PROJECT_ID"

# Step 2: Create API config (requires YAML file)
gcloud api-gateway api-configs create "$API_CONFIG" \
  --api="$API_NAME" \
  --openapi-spec="$API_YAML" \
  --project="$PROJECT_ID"

# Step 3: Create the gateway
gcloud api-gateway gateways create "$GATEWAY_NAME" \
  --api="$API_NAME" \
  --api-config="$API_CONFIG" \
  --location="$REGION" \
  --project="$PROJECT_ID"
# Get the Gateway URL
export GATEWAY_URL=$(gcloud api-gateway gateways describe "$GATEWAY_NAME" \
  --location="$REGION" --project="$PROJECT_ID" \
  --format="value(defaultHostname)")
echo "API Gateway is live at: https://$GATEWAY_URL"

API Keys Management

Intermediate API Keys
# Check if API key already exists
EXISTING_API_KEY_NAME=$(gcloud alpha services api-keys list \
  --filter='displayName="helloWorld API Key"' \
  --format="value(name)" | tail -n 1)

if [ -z "$EXISTING_API_KEY_NAME" ]; then
  echo "Creating new API Key..."
  # Create API Key
  gcloud alpha services api-keys create \
    --display-name="helloWorld API Key" \
    --format="value(name)"
  sleep 10
else
  echo "Reusing existing API Key: $EXISTING_API_KEY_NAME"
fi

# Get the API key value
API_KEY=$(gcloud alpha services api-keys get-key-string "$EXISTING_API_KEY_NAME" \
  --format="get(keyString)" 2>/dev/null)
echo "API Key: $API_KEY"
# Enable the gateway service for API key authentication
# First, get the managed service name
MANAGED_SERVICE=$(gcloud api-gateway apis describe "$API_NAME" \
  --project="$PROJECT_ID" --format="value(managedService)")

# Enable the service
gcloud services enable "$MANAGED_SERVICE" --project="$PROJECT_ID"

Testing the Deployment

Basic Test Endpoints
# Test public endpoint (no API key needed)
curl -X GET "https://$GATEWAY_URL/get-hello"

# Test secure endpoint (API key required)
curl -X GET "https://$GATEWAY_URL/get-user-data" \
  -H "x-api-key: $API_KEY"

# Test POST endpoint
curl -X POST "https://$GATEWAY_URL/post-submit-data" \
  -H "Content-Type: application/json" \
  -d '{"name": "John", "email": "john@example.com"}'

Update & Versioning

Advanced Update API Gateway
# Create a new API config version
NEW_API_CONFIG="user-check-gateway-config-v2"

gcloud api-gateway api-configs create "$NEW_API_CONFIG" \
  --api="$API_NAME" \
  --openapi-spec="$API_YAML" \
  --project="$PROJECT_ID"

# Update the gateway to use the new config
gcloud api-gateway gateways update "$GATEWAY_NAME" \
  --api="$API_NAME" \
  --api-config="$NEW_API_CONFIG" \
  --location="$REGION" \
  --project="$PROJECT_ID"
# Rollback to previous version if needed
gcloud api-gateway gateways update "$GATEWAY_NAME" \
  --api-config="previous-config-name" \
  --location="$REGION" \
  --project="$PROJECT_ID"

Delete Resources

Intermediate Cleanup Resources
# Delete Cloud Function
gcloud functions delete FUNCTION_NAME \
  --region=$REGION \
  --project=$PROJECT_ID
# Delete API Gateway and related resources
gcloud api-gateway gateways delete "$GATEWAY_NAME" \
  --location="$REGION" \
  --project="$PROJECT_ID"

gcloud api-gateway api-configs delete "$API_CONFIG" \
  --api="$API_NAME" \
  --project="$PROJECT_ID"

gcloud api-gateway apis delete "$API_NAME" \
  --project="$PROJECT_ID"
# Delete API Key
gcloud alpha services api-keys delete "API_KEY_NAME"

Troubleshooting

Advanced Common Issues & Solutions
# Check API Gateway status
gcloud api-gateway gateways describe "$GATEWAY_NAME" \
  --location="$REGION" \
  --project="$PROJECT_ID"

# Check API configs
gcloud api-gateway api-configs list \
  --api="$API_NAME" \
  --project="$PROJECT_ID"

# Check Cloud Function logs
gcloud functions logs read FUNCTION_NAME \
  --region=$REGION \
  --project=$PROJECT_ID
Common Issues:
  • API Gateway returns 404: Check if the managed service is enabled
  • Authentication errors: Verify API key is correctly configured and restricted
  • CORS issues: Configure CORS in your Cloud Function code
  • Permission errors: Verify IAM roles are properly assigned

Pro Tips

  • Always use the --dry-run flag when available to test commands without making changes
  • Use environment variables to avoid repetition and mistakes
  • Enable detailed logging for debugging complex issues
  • Regularly clean up unused resources to avoid unnecessary costs
  • Use version control for your API Gateway configuration files