The Python SDK includes a library called Remote API that lets you transparently access App Engine services from any Python application. For example, you can use Remote API to access a production datastore from an app running on your local machine. The Remote API interacts with the real services: you will incur quota usage on the application that you are accessing.
Enabling Remote API
You can enable the Remote API using either the
builtins directive, which makes
the Remote API available on the default path, or the
url directive. If the URL
is changed, all applications that connect to the App Engine application need to
change the URL as well. Both methods are detailed below.
To map the Remote API to the default path (
/remote_api), add the
remote_api builtin to your
If you need to map the Remote API to a path other than the default, you can use
url directive in
- url: /remoteapi.* script: google.appengine.ext.remote_api.handler.application
An error is returned if there is no authenticated user or if the authenticated user is not an admin of your application, so there is no need to configure any additional security.
Using the Remote API shell
The Python SDK includes a Remote API shell which allows you to run a shell that has access to the real App Engine services and your application's datastore.
The Remote API Shell is included in the App Engine SDK:
$GAE_SDK_ROOT/remote_api_shell.py -s <your_app_id>.appspot.com
When executing the Remote API shell you can also provide the flag
This will allow you to connect using OAuth 2.0 credentials from the
command line tool, which is more secure than typing in your username and
password. You can also provide your OAuth 2.0 credentials through other methods
which are detailed on the
Application Default Credentials page.
From the Remote API shell, you can use App Engine APIs and interact with your production application's services:
>>> from google.appengine.ext import ndb >>> >>> # Fetch 10 keys from the datastore >>> ndb.Query().fetch(10, keys_only=True)
In general, the Remote API shell behaves exactly as if you were accessing the App Engine APIs directly from an application running on Google App Engine. However, because the script is running on your local machine, you can access files and resources on your local machine. If you run the Remote API Shell from your application's directory, you can also import modules from your application just as you would in a normal App Engine application.
Using the Remote API in a local client
These instructions show the use of OAuth 2.0. If you
have an older application that uses ClientLogin (where you supply username and
password), you should migrate the app
to use OAuth 2.0 as shown on this page because
ClientLogin is being turned
off soon. After making the code changes shown on this page, if you use a
Custom URL rather than a built-in, you must also
login:admin from the remote_api handler (
- url: /remoteapi.*) in your
app.yaml file and you must then redeploy your application.
Note that the handler still performs admin authentication even without the
login:admin entry, so your application continues to be protected.
The Remote API can also be used within local applications. This will allow you to write local applications that access the real App Engine services. To use the remote API in a local application:
- Enable the remote API for your application.
- Ensure the App Engine SDK is in your
- Your code needs to
import dev_appserverand call
dev_appserver.fix_sys_path(). This call ensures that all of the App Engine SDK modules will import correctly.
- Configure the
The following sample application shows how to call
fix_sys_path and configure the
remote_api_stub to use the App Engine APIs to access the datastore: