users.js Alternative using Vertex AI API

This page shows the alter users.js file for using the Vertex AI API rather than the original Gemini API approach (see github for other code).

Prerequisites: Setting Up Authentication for Vertex AI in a Node.js Express App on Google App Engine

GAE provides Application Default Credentials (ADC) automatically, allowing your app to securely access Vertex AI using the service account assigned to your App Engine service.

1. How Authentication Works on GAE

Every App Engine application runs under a service account identity.
By default, this is:

PROJECT_ID@appspot.gserviceaccount.com  
         

Google Cloud automatically retrieves and manages access tokens for this identity through its metadata server, meaning your app can call Vertex AI without handling or exposing key files.

The Vertex AI client library in Node.js automatically detects these credentials, so your Express app can securely authenticate with Vertex AI right out of the box.

2. Granting the Right Permissions

You must ensure that your App Engine service account has permission to use Vertex AI.
In the Google Cloud Console:

1. Go to IAM & Admin → IAM.

2. Locate your App Engine default service account (PROJECT_ID@appspot.gserviceaccount.com).

3. Click Edit principal → Add role.

4. Assign the role Vertex AI User (roles/aiplatform.user).

   • Optional additional roles:

     • Storage Object Viewer (roles/storage.objectViewer) if you will access files in Cloud Storage.

     • Service Account Token Creator (roles/iam.serviceAccountTokenCreator) for advanced SDK use cases.

This ensures that your app can call the Vertex AI API securely using built-in credentials.

Configuring Your Express App

In your Express app (for example, users.js in the /routes folder), initialize the Vertex AI SDK without specifying any credentials or environment variables.
The SDK will automatically use the credentials from the App Engine environment.

import express from "express";
import { VertexAI } from "@google-cloud/vertexai";

const router = express.Router();

const project = process.env.GOOGLE_CLOUD_PROJECT; // GAE provides this automatically
const location = "us-central1"; // choose your desired region
const vertexAI = new VertexAI({ project, location });
const model = vertexAI.getGenerativeModel({ model: "gemini-1.5-flash" });

router.get("/", async (req, res) => {
   try {
       const request = {
           contents: [{ role: "user", parts: [{ text: "Tell me a fun fact about Users" }] }],
       };
                    
       const result = await model.generateContent(request);
       const text = result.response.candidates[0].content.parts[0].text;
       res.send(`Vertex AI (GAE) says: ${text}`);
   } catch (error) {
       console.error("Vertex AI error:", error);
       res.status(500).send("Error connecting to Vertex AI – check IAM permissions and region setup.");
   }
);

export default router;
                

Your app.yaml file (in your IDE) might look something like:

runtime: nodejs20

# The service name determines your endpoint path (e.g., https://SERVICE-dot-PROJECT_ID.appspot.com)
service: default

# Optional: specify a custom service account with Vertex AI permissions
# (omit this section if using the default App Engine service account)
service_account: vertex-ai-webapp@YOUR_PROJECT_ID.iam.gserviceaccount.com

# Environment variables for your app
env_variables:
   NODE_ENV: "production"
   GOOGLE_CLOUD_PROJECT: "YOUR_PROJECT_ID"
   REGION: "us-central1"  # choose the same region you use for Vertex AI models

# Instance configuration (optional but recommended for control)
instance_class: F2  # can adjust for cost/performance (F1, F2, F4, etc.)
automatic_scaling:
   max_instances: 3
   min_instances: 0
   target_cpu_utilization: 0.65

# Optional: define a URL handler if using static assets or APIs
handlers:
   - url: /.*
   script: auto