App Engine FAQ

How do I sign into my App Engine account?

For normal Google accounts, including Gmail users, you can log into your App Engine account by visiting the Google Cloud Console.

How do I create a Cloud project for App Engine?

Use the Google Cloud Console to create a Cloud project.

What languages are supported by Google App Engine?

Currently, App Engine standard environment supports Java, Python, PHP, Go, and Node.js. Additionally, your website templates can include JavaScript along with your HTML which, among other things, allows you to write AJAX-enabled web applications.

What type of certifications has App Engine received?

App Engine successfully completed the audit process for the SAS70 Type II, SSAE 16 Type II, ISO 27001, and ISAE 3402 Type II standards.

What are my rights to the projects I create?

Between Google and App Engine customers, the customer owns all intellectual property rights to their stored data and their application and project code. Google owns all intellectual property rights to App Engine and Google Cloud Platform's services and software.

For more information, including the definitions of these terms, see the Google Cloud Terms of Service.

Can I still develop a App Engine app if I don't have an account?

Absolutely! Even if you don't yet have a App Engine account you can always download our SDK and start developing.

How many applications can I create with App Engine?

The number of App Engine projects you can create depends on a variety of factors, including which resources you're using and your previous usage history with Google Cloud Platform. Customers might have different quota based on these and other factors.

If you attempt to exceed your project limit, the Cloud Console prompts you to fill out a request form. This happens when you try to create a project but you have already reached your quota. The form requires you to specify the number of additional projects you need, along with their corresponding email accounts, billing accounts, and intended uses.

More information on quota increase requests is available on the project quota requests page.

What type of content is allowed on Google App Engine?

Please see our Terms of Service if you have questions on what kind of content is allowed with App Engine.

Why do I get URI error for /favicon.ico?

Applications that have not included a favicon.ico file may include the URI /favicon.ico on the list of errorful URIs. Favicon.ico is a file that is requested by a user's web browser when it attempts to load the page. Favicon.ico is your website's icon, and is typically displayed in the user's browser URL bar, next to the web address of your site.

For your application, favicon.ico should be a static image. You can upload a favicon.ico file with your application, and in your app.yaml file configure your application to serve the image when the url /favicon.ico is requested. Below are example entries in appengine-web.xml (Java) and app.yaml (Python/PHP/Go). In the Python/PHP/Go example, favicon.ico is located in static/images. For simplicity, the same file is located in the root (war) directory in the Java example.


- url: /favicon\.ico
  static_files: static/images/favicon.ico
  upload: static/images/favicon\.ico


  <include path="/favicon.ico" />

What is GQL?

GQL is a query language that is used with Datastore. Python apps can use it to query for entities. It uses a SQL-like syntax to retrieve entire entities from your application's Datastore and includes the ability to filter on properties, specify the sorting order of the results, and limit the number of entities returned. The full GQL language reference can be found here.

Is GQL available for Java?

GQL is not included in the Java SDK, however it can be used through the Cloud Datastore API. We recommend that Java developers use JDO or JPA instead of GQL because they are type-safe. Using JDO/JPA allows the developer to find out about mistakes in the IDE rather than at runtime, and allows less room for SQL injection attacks.

Why do my queries need to be covered by indexes, and how do I include them?

If you run a query that filters on multiple entity properties or orders results by multiple properties, you will need an index for that query. You must have an index for every query of that kind that you run with your application. Datastore index for a query maintains and updates a list of keys sorted in the manner that the query specifies to allow speedy access to the data in Datastore. A full explanation of Datastore indexes can be found in our documentation (Java | Python | Go).

When you develop your application with Cloud SDK, every query you run automatically gets indexed when necessary. If you thoroughly test your application before uploading it to your website, all of the indexes your application will need will be included in your application's index.yaml files. You may manually add indexes if you find a query that was not covered by your development testing. For more information on how to write indexes for your application, see the index documentation.

Why were my indexes marked as Error?

They may be exploding indexes (Python | Java | Go), or may have encountered other similar problems when writing particular entities in your datastore. You can vacuum and re-attempt to build them by following the instructions in Queries (Python | Java | Go) and Indexes (Python | Java | Go).

Why do my indexes stay Building or Deleting for long periods of time?

Even if you don't have many entities of the corresponding kind(s), the time indexes take to build or delete can vary widely depending on the total amount of data in Datastore, indexes currently building for other apps, and Datastore load due to user requests, among other factors. In some cases, index jobs can take hours or even days to complete.

Even so, we can sometimes help with indexes that seem to be stuck. If you think this has happened to your indexes, you can post a question to the google-appengine group.

How do I authenticate users of my application?

The Users service (Java | Python | Go) allows you to authenticate users who have a Google Account, an account on their own G Suite domain. You choose one of these forms of authentication for your app.

If your app uses Google accounts, when your application requests a user sign in, the user is directed to a Google sign-in page to enter a username and password, or to create a new account. After successfully signing in, the user is then returned to your website, and the user information is available to your application through the Users property.

Are there any third-party libraries not supported by App Engine?


A small percentage of native C python modules, and subsets of native C python modules are not available with App Engine. The disabled modules fall in to the following categories:

  • Libraries that maintain databases on disk are not enabled in Python for App Engine
  • The system does not allow you to invoke subprocesses, as a result some module OS methods are disabled
  • Threading is not available
  • For security reasons, most C-based modules are disabled
  • Other features that are limited:
    • marshal is disabled
    • cPickle is aliased to pickle
    • System calls have been disabled

Please keep in mind that third party packages which use any of the above features will not function with App Engine (packages such as PostgreSQL, etc).


The majority of pure Go packages work on App Engine. A package may not work because of one of these reasons:

  • The package imports syscall or unsafe.
  • The package uses cgo or assembly.
  • The package requires functions in packages that are locked down, such as writing to disk, or direct network access.

Why did my app get disabled?

An app may be disabled if it fails to abide by our Terms and Conditions. Additionally, if an application is found to be using an inordinate amount of system resources due to a bug or other issue leading to inefficient resource usage, we may disable the app so that the developer can fix the development issues using our development SDK before re-enabling the application on App Engine.

Why is my app over quota?

App Engine places quota limits on the amount of each system resource that an application can consume in a day. All applications have a default quota configuration, the "free quotas", which should allow for roughly 5 million pageviews a month for an efficient application. You can read more about system quotas in the quota documentation.

As your application grows, it may need a higher resource allocation than the default quota configuration provides. You can purchase additional computing resources by enabling billing for your application. Billing enables developers to raise the limits on all system resources and pay for even higher limits on CPU, bandwidth, storage, and email usage.

How do I report an application that is in violation of your Terms and Conditions?

To report an application that is in violation of the App Engine Terms and Condition, please contact us. We will determine if the application is in violation, and if necessary, contact the application's developer over the violation.

Should I use the SDK for serving external requests?

The dev_appserver is designed for local testing and disallows external connections by default. You can override this using the --host <hostname> flag when running it, but doing so is not recommended because the SDK has not been hardened for security and may contain vulnerabilities.

How do I serve compressed content?

See Response compression.

Does App Engine support SSL (HTTPS)?

App Engine allows you to serve SSL (HTTPS) traffic through your domain. Simply add the 'secure' parameter to your app.yaml handler for the URLs through which you wish to support secure traffic. For complete information on how to configure your application for secure traffic, see the docs on app configuration (Java | Python | PHP | Go).

You can also serve SSL (HTTPS) traffic using a custom domain. You can also use naked domains if you use a custom domain with SSL.

Can I Use Strict-Transport-Security Headers in my project?

It is possible to use Strict-Transport-Security in App Engine. In order to add HTTP Strict-Transport-Security headers (HSTS) to your app, you must implement the headers within your app's code, not within your app's config file (app.yaml or appengine-web.xml).

Can I use SSL (HTTPS) on App Engine with my custom domain?

You can serve SSL through your custom domain.

Do tools like remote_api use SSL (HTTPS)?

The SDK tools which use login (remote_api, appengine_rpc) use SSL when communicating your email address and password.

The Python and Go SDKs have the ability to validate the SSL certificate over the remote connection. To do this you must have the ssl Python module installed on your system. If you are using Python 2.5, you can install the module from If there is an error validating the SSL certificate, the tools will raise an InvalidCertificateException explaining what went wrong.

The Java SDK also enables SSL by default. If an error is encountered while validating the SSL certificate it will throw a

I'd like to map my app to a naked domain (such as

A "naked domain" lets users access your app directly at the domain name (, without requiring a subdomain such as or You can set up your App Engine app with a naked domain in the Google Cloud project console. See using custom domains.

Naked domains are also supported if you are using a custom domain with SSL.

IP Addresses for App Engine services

Outbound services, such as the URL Fetch, Sockets and Mail APIs, make use of a large pool of IP addresses. The IP address ranges in this pool are subject to routine changes. In fact, two sequential API calls from the same application may appear to originate from two different IP addresses.

To find the current ranges of IP addresses that App Engine uses for outbound traffic, do the following:

  1. In a command shell, enter the following command:
    nslookup -q=TXT

    The response contains all of the current _cloud-netblocks for App Engine. For example:

    Non-authoritative answer:	text = "v=spf1 ?all"

    These results are not static. When you enter the command, you may see more or fewer netblocks than the example above.

  2. For each netblock listed in the response, enter the following query:
    nslookup -q=TXT netblock-name

    For example, if the previous query returned five netblocks, you would make the following five queries:

    nslookup -q=TXT
    nslookup -q=TXT
    nslookup -q=TXT
    nslookup -q=TXT
    nslookup -q=TXT

Each query of a specific netblock returns an IP range that you can use for App Engine outgoing traffic. For example, the query of _cloud-netblocks1 above could return the following:

Non-authoritative answer:	text = "v=spf1 ip6:2600:1900::/35 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ?all"

From this example, we see that both the and IP ranges can be used for App Engine traffic. Other queries for any additional netblocks may return additional IP ranges.

Note that using static IP address filtering is not considered a safe and effective means of protection. For example, an attacker could set up a malicious App Engine app which could share the same IP address range as your application. Instead, we suggest that you take a defense in depth approach using OAuth and Certs.

Can I access my App Engine instance on a private IP address?

App Engine itself does not provide a way to map static IP addresses to an application. However, you can use Cloud Load Balancing and serverless NEGS to reserve a static IP address for your load balancer, which then directs traffic to your app. For information about pricing, see External IP address pricing.

How do I define cron jobs for my application?

Please consult the language specific documentation for information on defining cron jobs for your application (Java | Python | Go | PHP).

What are task queues?

Task queues provide a mechanism for dynamically adding new requests to be fulfilled at a later point in time. If an app needs to execute some background work, it can use the Task Queue API to organize that work into small, discrete units called Tasks. Tasks are inserted into one or more Queues. App Engine automatically detects new Tasks and executes them when system resources permit. For more details, see the documentation for the Task Queue API (Java | Python | Go | PHP).

Can I use Google groups to grant access to my App Engine project?

If you add a Google group to your App Engine project, members of that group will have access to that project's resources, for example, Datastore, Task Queues, Memcache, etc.

How do I prevent users/subnets from accessing my app?

App Engine provides a DoS Protection Service that enables you to add IP addresses or subnets to a denylist. For more details, see the documentation for the DoS Protection Service (Java | Python | Go | PHP).

How do I get more information on application outages and accessibility issues with my application?

The Google Cloud Status Dashboard provides status information on the services that are part of Google Cloud Platform.

For China, App Engine accessibility may be intermittent. See the Google Transparency Report for accessibility issues on other Google products in China.