Issuing HTTP(S) Requests

Region ID

The REGION_ID is an abbreviated code that Google assigns based on the region you select when you create your app. The code does not correspond to a country or province, even though some region IDs may appear similar to commonly used country and province codes. For apps created after February 2020, REGION_ID.r is included in App Engine URLs. For existing apps created before this date, the region ID is optional in the URL.

Learn more about region IDs.

This page describes how to issue HTTP(S) requests from your App Engine app.

App Engine uses the URL Fetch service to issue outbound HTTP(S) requests. For details on request size limits and which headers are sent in a URL Fetch request, see Outbound Requests.

Issuing an HTTP request

The PHP language provides several functions for making remote HTTP requests. These are implemented in different ways in Google App Engine, and are subject to different quotas and costs:

  • Stream handlers: The native http:// and https:// PHP stream handlers are configured to use App Engine's URL Fetch service to make HTTP requests. Many PHP functions such as file_get_contents() use stream handlers indirectly, and thus also use the URL Fetch service.
  • cURL extension: The cURL extension uses the Sockets service. The cURL extension must be enabled in your application's php.ini file and billing must be enabled for your project.
  • cURL "lite": cURL "lite" is a Google-supplied version of the cURL library that uses the URL Fetch service instead of the Sockets service. You must enable cURL "lite" in your application's php.ini file. The following methods of the cURL extension are not supported:
    • curl_multi_* functions
    • support for non-standard protocols
    • support for ports other than 80 (HTTP) or 443 (HTTPS)

Deciding whether to use cURL, cURL Lite, or stream wrappers depends largely on your application and preference. If you are unsure, use the Guzzle HTTP library. Guzzle provides an abstraction layer for HTTP requests, which allows you to change the underlying service without rewriting application code.

Stream handlers

The standard HTTP(S) stream handlers are used in built-in PHP functions such as fopen() and file_get_contents().

$url = '';
$data = ['data' => 'this', 'data2' => 'that'];
$headers = "accept: */*\r\n" .
    "Content-Type: application/x-www-form-urlencoded\r\n" .
    "Custom-Header: custom-value\r\n" .
    "Custom-Header-Two: custom-value-2\r\n";

$context = [
    'http' => [
        'method' => 'POST',
        'header' => $headers,
        'content' => http_build_query($data),
$context = stream_context_create($context);
$result = file_get_contents($url, false, $context);

cURL and cURL "lite"

Enable cURL or cURL "lite" in php.ini to use cURL functions for outbound requests. cURL "lite" uses the URL Fetch service, while cURL uses the Sockets API

$url = '';
$data = ['data' => 'this', 'data2' => 'that'];
$headers = [
    'Accept: */*',
    'Content-Type: application/x-www-form-urlencoded',
    'Custom-Header: custom-value',
    'Custom-Header-Two: custom-value-2'

// open connection
$ch = curl_init();

// set curl options
$options = [
    CURLOPT_URL => $url,
    CURLOPT_POST => count($data),
    CURLOPT_POSTFIELDS => http_build_query($data),
    CURLOPT_HTTPHEADER => $headers,
curl_setopt_array($ch, $options);

// execute
$result = curl_exec($ch);

// close connection


By default, Guzzle uses PHP's stream handler, but will automatically use a cURL handler if cURL or cURL "lite" is enabled.

$url = '';
$data = ['data' => 'this', 'data2' => 'that'];
$headers = [
    'Accept' => '*/*',
    'Content-Type' => 'application/x-www-form-urlencoded',
    'Custom-Header' => 'custom-value',
    'Custom-Header-Two' => 'custom-value',

$guzzle = new GuzzleHttp\Client;
$request = new GuzzleHttp\Psr7\Request('POST', $url, $headers, http_build_query($data));
$result = $guzzle->send($request);

Setting a request timeout

Use the timeout option in HTTP context to alter the deadline.

Disabling redirects

If you are using URL Fetch, the underlying URL Fetch service follows up to five redirects by default. These redirects could forward sensitive information, such as authorization headers, to the redirected destination. If your app does not require HTTP redirects, it is recommended that you disable the redirects.

To instruct the URL Fetch service to not follow redirects, your app must set the follow_location parameter in the HTTP context options to false.

Issuing an HTTPS request

See Issuing an HTTP Request above.

Disabling host certificate validation

By default, the App Engine implementation of the HTTPS wrapper attempts to validate the certificate of the host, and rejects requests where the certificate does not match. To disable this behavior, set the value of verify_peer to false in the SSL/TLS context options.

Issuing a request to another App Engine app

When issuing a request to another App Engine app, your App Engine app must assert its identity by adding the header X-Appengine-Inbound-Appid to the request. If you instruct the URL Fetch service to not follow redirects, App Engine will add this header to requests automatically.

See Disabling redirects for guidance on disabling redirects.

What's next

Learn about the URL Fetch service, such as the headers that are sent in a URL Fetch request in Outbound Requests.