Access control for GCP APIs encompasses authentication, authorization, and auditing. Authentication determines who you are, authorization determines what you can do, and auditing logs record what you did

Application credentials provide the required information about the caller making a request to a GCP API. Valid credential types include API keys, OAuth 2.0 client credentials, or service account keys.

Cloud IAP enables you to configure Cloud IAP policies for individual resources in a Google Cloud Platform (GCP) project. Multiple apps within a project can each have different access policies

deploying an App Engine standard or flexible environment application and securing it with Cloud Identity-Aware Proxy (Cloud IAP)

On the App Engine flexible environment, ESP is automatically deployed for you when you add a few lines to your app.yaml file. For more information, see Deploying your API and ESP. For the App Engine standard generation 1 environment, you must use Endpoints Frameworks. If you instead deploy the container to one of the compute options above, you can proxy to either generation of App Engine standard runtime.