Cloud IAP is an access management tool that enables folks to use their internal business apps while not requiring to attach to a VPN.
It is based on the context like the ip address of the client or form of the request.
As per the architectural concept of Cloud IAP it does perform 'Authentication' and 'Authorization' . When you turn on Cloud IAP for a resource, it automatically creates an OAuth 2.0 client ID and secret. If you delete the automatically generated OAuth 2.0 credentials, Cloud IAP won't function correctly.
Cloud Endpoints, on the other hand, is solely accustomed to manage your APIs by primarily permitting developers to get their own keys.
It uses Auth0 and Firebase authentication.
Hope this helps!!
If you need to know more about Google Cloud, It's recommended to go for Google Cloud architect certification course.