Disregard an official note stated in PubSub Authentication (see: https://cloud.google.com/pubsub/docs/authentication#more-information
for the quote):
Note: Cloud Pub/Sub does not support API keys as an authentication method.
In fact, it is still supported, though discouraged in favour of better techniques like OAuth and no longer available in access control UIs.
I believe it is supported silently for the cases when the upgrade is not feasible, like IoT devices that are out of developers reach (a case I have a chance to deal with.)
You can still use Access Control APIs to enable it.
To allow (anonymous) unauthenticated user access for the publishing access to the topic (using the API key) you’ll need to set role roles/pubsub.publisher
to allUsers
for your resource (a topic identified as /projects/your-project-name/topics/your-topic-name/
)
Example:
POST https://pubsub.googleapis.com/v1/{resource}:setIamPolicy
{
"policy": {
"bindings": [
{
"role": "roles/pubsub.publisher",
"members": [
"allUsers"
]
}
]
}
}
This will allow, having an API key, to publish to the topic without authentication. This is not wise but it is the only way to support obsolete devices still dependant on that feature and unable to use OAuth for an example.
More info: