Endpoint Annotations and Syntax

We recommend that you use the latest version of this feature, which is renamed to Cloud Endpoints Frameworks for App Engine. This new version supports App Engine standard environment, provides lower latency, and has better integration with App Engine. For more details, see Migrating to 2.0.

Endpoint annotations describe API configuration, methods, parameters, and other vital details that define the properties and behavior of the Endpoint.

See the backend API tutorial for a recommended way of adding annotations using a Maven project. Maven App Engine Endpoints artifacts are provided to make it easy to create and build a backend API, and generate a client library from it. Alternatively, you could use the Google Plugin for Eclipse (GPE).

The annotation that specifies configuration and behavior across the entire API (affecting all the classes exposed in the API and all their exposed methods) is @Api. All public, non-static, non-bridge methods of a class annotated with @Api will be exposed in the public API.

If you need special API configuration for a particular method, you can optionally use @ApiMethod to set configuration on a per method basis. You configure these annotations by setting various attributes, as shown in the tables below.

@Api: API-Scoped Annotations

The annotation @Api is used to configure the whole API, and apply to all public methods of a class unless overridden by @ApiMethod.

(To override a given @Api annotation for a specific class within an API, see @ApiClass and @ApiReference.)

Required Imports

To use this feature, you need the following import:

import com.google.api.server.spi.config.Api;


@Api Attributes Description Example
audiences Required if your API requires authentication and if you are supporting Android clients. For more information, see Client IDs and Audiences. audiences = {"1-web-apps.apps.googleusercontent.com", "2-web-apps.apps.googleusercontent.com"}
backendRoot The root URL used for method calls to backend instances. If not supplied, the default https://your_app_id.appspot.com/_ah/spi is used. backendRoot = "https://example.appspot.com/_ah/spi"
canonicalName Used to specify a different or more readable name for the API in the client library. This name is used to generate the names in the client library; the backend API continues to use the value specified in the name property.

For example, if your API has the name set to dfaanalytics, you could use this property to specify a canonical name of DFA Group Analytics; the generated client classes would then contain the name DfaGroupAnalytics.

You should include the relevant spaces between the names as shown above; these will be replaced by the appropriate camel casing or underscores.
canonicalName = "DFA Analytics:"n
clientIds Required if your API uses authentication. List of client IDs for clients allowed to request tokens. For more information, see Client IDs and Audiences. clientIds = {"1-web-apps.apps.googleusercontent.com", "2-android-apps.apps.googleusercontent.com"}
defaultVersion Specifies whether a default version is used if none is supplied in the version attribute. defaultVersion = AnnotationBoolean.TRUE
description A short description of the API. This is exposed in the discovery service to describe your API, and may optionally also be used to generate documentation. description = "Sample API for a simple game"
documentationLink The URL where users can find documentation about this version of the API. This will be surfaced in the API Explorer "Learn More" highlight at the top of the API Explorer page and also in the GPE plugin to allow users to learn about your service. documentationLink = "http://link_to/docs"
name The name of the API, which is used as the prefix for all of the API's methods and paths. The name value:
  • Must begin with lowercase
  • Must match the regular expression [a-z]+[A-Za-z0-9]*
If you don't specify name, the default myapi is used.
name = "foosBall"
namespace Configures namespacing for generated clients. See @ApiNamespace. namespace=@ApiNamespace(ownerDomain="your-company.com", ownerName="YourCo", packagePath="cloud/platform")
root The frontend root URL under which your API methods are exposed for. If not supplied, the default https://your_app_id.appspot.com/_ah/api is used. root = "https://example.appspot.com/_ah/api"
scopes If not supplied, the default is the email scope (https://www.googleapis.com/auth/userinfo.email), which is required for OAuth. You can override this to specify more OAuth 2.0 scopes if you wish. However, if you do define more than one scope, note that the scope check will pass if the token is minted for any of the specified scopes. To override the scopes specified here for a particular API method, specify different scopes in the @ApiMethod annotation. scopes = {"ss0", "ss1"}
title The text displayed in API Explorer as the title of your API, and exposed in the discovery and the directory services. title = "My Backend API"
transformers Specifies a list of custom transformers. Note that there is an alternative annotation (@ApiTransformer) that is preferable. This attribute is overridden by @ApiTransformer. transformers = {BazTransformer.class}
version Specifies your Endpoint’s version. If you don't supply this, the default v1 is used. version = "v2"

Sample @Api Annotation

This annotation is placed above the class definition:

/** An endpoint class we are exposing */
@Api(name = "myApi",
    version = "v1",
    namespace = @ApiNamespace(ownerDomain = "helloworld.example.com",
        ownerName = "helloworld.example.com",
        packagePath = ""),
    clientIds = {Constants.WEB_CLIENT_ID, Constants.ANDROID_CLIENT_ID, Constants.IOS_CLIENT_ID},
    audiences = {Constants.ANDROID_AUDIENCE})

Client IDs and Audiences

For OAuth2 authentication, an OAuth2 token is issued to a specific client ID, which means that this client ID can be used for restricting access to your APIs. When you register an iOS or Android application in the Google Cloud Platform Console, you create a client ID for it. This client ID is the one requesting an OAuth2 token from Google for authentication purposes. When the backend API is protected by auth, an OAuth2 access token is sent and opened by Google Cloud Endpoints, the client ID is extracted from the token, and then the ID is compared to the backend's declared acceptable Client ID list (the clientIds list).

So, if you want your Endpoints API to authenticate callers, you need to supply a list of clientIds that are allowed to request tokens that can be used with your application. This list should consist of the all client IDs you have obtained through the Cloud Platform Console for your web, Android, or iOS clients. (This means that the clients must be known at API build-time.) If you specify an empty list, {}, then no clients can access the methods protected by Auth.

If you use the clientIds attribute and you want to test authenticated calls to your API using the Google API Explorer, you must supply its client ID in the list of clientIds: the value to use is com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID.

About Audiences

The clientIds list protects the backend API from unauthorized clients. But further protection is needed to protect the clients, so that their auth token will work only for the intended backend API. For Android clients, this mechanism is the audiences attribute, in which you specify the client ID of the backend API.

Note that when you create a Google Cloud Platform Console Project, a default client ID is automatically created and named for use by the project. When you upload your backend API into App Engine, it uses that client ID. This is the web client ID mentioned in the backend API auth docs and the backend tutorial docs.

@ApiMethod: Method-Scoped Annotations

The annotation @ApiMethod is used to supply a different API configuration than the defaults provided by the @Api or @ApiClass annotations. Note that this is optional: all public, non static, non bridge methods in a class with an @Api annotation are exposed in the API, whether they have an @ApiMethod annotation or not.

Attributes within this annotation allow you to configure details of a single API method. If the same attribute is specified in @Api and @ApiMethod, @ApiMethod overrides.

Required Imports

To use this feature, you need the following imports:

import com.google.api.server.spi.config.AnnotationBoolean;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.config.ApiMethod.HttpMethod;


@ApiMethod Attributes Description Example
name The name for this method in the generated client library. This is automatically prefixed with your API name to create a unique name for the method. The name value:
  • Must begin with lowercase
  • Must match the regular expression [a-z]+[A-Za-z0-9]*
If you don't specify name, the default myapi is used.
name = "foosBall.list"
path The URI path to use to access this method. If you don't set this, a default path is used based on the Java method name. path = "foos"
httpMethod The HTTP method to use. If you don't set this, a default is chosen based on the name of the method. httpMethod = HttpMethod.GET
scopes Specify one or more OAuth 2.0 scopes, one of which is required for calling this method. If you set scopes for a method, it overrides the setting in the @Api annotation. scopes = {"ss0", "ss1"}
audiences Supply this if you wish to override the configuration in @API. For more information, see Client IDs and Audiences. audiences = {"1-web-apps.apps.googleusercontent.com", "2-web-apps.apps.googleusercontent.com"}
clientIds List of client IDs for clients allowed to request tokens. Required if your API uses authentication. clientIds = {"1-web-apps.apps.googleusercontent.com", "2-android-apps.apps.googleusercontent.com"}

Sample @ApiMethod Annotation

This annotation is placed above the method definition inside a class: