Region ID
The REGION_ID
is an abbreviated code that Google assigns
based on the region you select when you create your app. The code does not
correspond to a country or province, even though some region IDs may appear
similar to commonly used country and province codes. For apps created after
February 2020, REGION_ID.r
is included in
App Engine URLs. For existing apps created before this date, the
region ID is optional in the URL.
Learn more about region IDs.
This page describes how to issue HTTP(S) requests from your App Engine app.
For details on request size limits and which headers are sent in a URL Fetch request, see Outbound Requests.Issuing an HTTP request
To issue an outbound HTTP request, use the http
package as usual,
but create your client using urlfetch.Client
. urlfetch.Client
returns an *http.Client
that uses urlfetch.Transport
, which is
an implementation of the
http.RoundTripper interface
that makes requests using the URL Fetch API.
The following snippet demonstrates how to perform a basic HTTP GET
request:
Disabling redirects
If you are using URL Fetch, the underlying URL Fetch service follows up to five redirects by default. These redirects could forward sensitive information, such as authorization headers, to the redirected destination. If your app does not require HTTP redirects, it is recommended that you disable the redirects.
To instruct the URL Fetch service to not follow redirects, set the
CheckRedirect
field of the http.Client
returned from the
urlfetch
package
to return http.ErrUseLastResponse
.
This applies to appengine/urlfetch
and appengine/v2/urlfetch
. For example:
client := urlfetch.Client(ctx)
client.CheckRedirect = func(*http.Request, []*http.Request) error {
return http.ErrUseLastResponse
}
Issuing an HTTPS request
In the Go API, you do not need to explicitly secure your request. The underlying URL Fetch service validates the certificate of the host it is contacting by default, and rejects requests if the certificate does not match.
Disabling host certificate validation
To disable automatic host certificate validation, you can manually create a
Transport and set
AllowInvalidServerCertificate
to true
.
Issuing a request to another App Engine app
When issuing a request to another App Engine app, your App Engine app
must assert its identity by adding the header X-Appengine-Inbound-Appid
to the request.
If you instruct the URL Fetch service to not follow redirects, App Engine
will add this header to requests automatically.
See Disabling redirects for guidance on disabling redirects.
What's next
Learn about the URL Fetch service, such as the headers that are sent in a URL Fetch request in Outbound Requests.