How do I sign into my App Engine account?
For normal Google accounts, including Gmail users, you can log into your App Engine account by visiting the Google Cloud Console.
How do I create a Cloud project for App Engine?
Use the Google Cloud Console to create a Cloud project.
What languages are supported by Google App Engine?
What type of certifications has App Engine received?
What are my rights to the projects I create?
Between Google and App Engine customers, the customer owns all intellectual property rights to their stored data and their application and project code. Google owns all intellectual property rights to App Engine and Google Cloud Platform's services and software.
For more information, including the definitions of these terms, see the Google Cloud Terms of Service.
Can I still develop a App Engine app if I don't have an account?
Absolutely! Even if you don't yet have a App Engine account you can always download our SDK and start developing.
How many applications can I create with App Engine?
The number of App Engine projects you can create depends on a variety of factors, including which resources you're using and your previous usage history with Google Cloud Platform. Customers might have different quota based on these and other factors.
If you attempt to exceed your project limit, the Cloud Console prompts you to fill out a request form. This happens when you try to create a project but you have already reached your quota. The form requires you to specify the number of additional projects you need, along with their corresponding email accounts, billing accounts, and intended uses.
More information on quota increase requests is available on the project quota requests page.
What type of content is allowed on Google App Engine?
Please see our Terms of Service if you have questions on what kind of content is allowed with App Engine.
Why do I get URI error for /favicon.ico?
Applications that have not included a favicon.ico file may include the URI
/favicon.ico on the list of errorful URIs. Favicon.ico is a file
that is requested by a user's web browser when it attempts to load the page.
Favicon.ico is your website's icon, and is typically displayed in the user's
browser URL bar, next to the web address of your site.
For your application, favicon.ico should be a static image.
You can upload a favicon.ico file with your application, and in your app.yaml
file configure your application to serve the image when the url /favicon.ico is
requested. Below are example entries in
app.yaml (Python/PHP/Go). In the Python/PHP/Go example,
favicon.ico is located in
simplicity, the same file is located in the root (
war) directory in
the Java example.
- url: /favicon\.ico static_files: static/images/favicon.ico upload: static/images/favicon\.ico
<static-files> <include path="/favicon.ico" /> </static-files>
What is GQL?
GQL is a query language that is used with Datastore. Python apps can use it to query for entities. It uses a SQL-like syntax to retrieve entire entities from your application's Datastore and includes the ability to filter on properties, specify the sorting order of the results, and limit the number of entities returned. The full GQL language reference can be found here.
Is GQL available for Java?
GQL is not included in the Java SDK, however it can be used through the Cloud Datastore API. We recommend that Java developers use JDO or JPA instead of GQL because they are type-safe. Using JDO/JPA allows the developer to find out about mistakes in the IDE rather than at runtime, and allows less room for SQL injection attacks.
Why do my queries need to be covered by indexes, and how do I include them?
If you run a query that filters on multiple entity properties or orders results by multiple properties, you will need an index for that query. You must have an index for every query of that kind that you run with your application. Datastore index for a query maintains and updates a list of keys sorted in the manner that the query specifies to allow speedy access to the data in Datastore. A full explanation of Datastore indexes can be found in our documentation (Java | Python | Go).
When you develop your application with Cloud SDK, every query
you run automatically gets indexed when necessary. If you thoroughly test your
application before uploading it to your website, all of the indexes your
application will need will be included in your application's
files. You may manually add indexes if you find a query that was not covered by
your development testing. For more information on how to write indexes for your
application, see the index documentation.
Why were my indexes marked as Error?
They may be exploding indexes (Python | Java | Go), or may have encountered other similar problems when writing particular entities in your datastore. You can vacuum and re-attempt to build them by following the instructions in Queries (Python | Java | Go) and Indexes (Python | Java | Go).
Why do my indexes stay Building or Deleting for long periods of time?
Even if you don't have many entities of the corresponding kind(s), the time indexes take to build or delete can vary widely depending on the total amount of data in Datastore, indexes currently building for other apps, and Datastore load due to user requests, among other factors. In some cases, index jobs can take hours or even days to complete.
Even so, we can sometimes help with indexes that seem to be stuck. If you think this has happened to your indexes, you can post a question to the google-appengine group.
How do I authenticate users of my application?
The Users service (Java | Python | Go) allows you to authenticate users who have a Google Account, an account on their own G Suite domain. You choose one of these forms of authentication for your app.
If your app uses Google accounts, when your application requests a user sign in, the user is directed to a Google sign-in page to enter a username and password, or to create a new account. After successfully signing in, the user is then returned to your website, and the user information is available to your application through the Users property.
Are there any third-party libraries not supported by App Engine?
A small percentage of native C python modules, and subsets of native C python modules are not available with App Engine. The disabled modules fall in to the following categories:
- Libraries that maintain databases on disk are not enabled in Python for App Engine
- The system does not allow you to invoke subprocesses, as a result some module OS methods are disabled
- Threading is not available
- For security reasons, most C-based modules are disabled
- Other features that are limited:
- marshal is disabled
- cPickle is aliased to pickle
- System calls have been disabled
Please keep in mind that third party packages which use any of the above features will not function with App Engine (packages such as PostgreSQL, etc).
The majority of pure Go packages work on App Engine. A package may not work because of one of these reasons:
- The package imports
- The package uses cgo or assembly.
- The package requires functions in packages that are locked down, such as writing to disk, or direct network access.
Why did my app get disabled?
An app may be disabled if it fails to abide by our Terms and Conditions. Additionally, if an application is found to be using an inordinate amount of system resources due to a bug or other issue leading to inefficient resource usage, we may disable the app so that the developer can fix the development issues using our development SDK before re-enabling the application on App Engine.
Why is my app over quota?
App Engine places quota limits on the amount of each system resource that an application can consume in a day. All applications have a default quota configuration, the "free quotas", which should allow for roughly 5 million pageviews a month for an efficient application. You can read more about system quotas in the quota documentation.
As your application grows, it may need a higher resource allocation than the default quota configuration provides. You can purchase additional computing resources by enabling billing for your application. Billing enables developers to raise the limits on all system resources and pay for even higher limits on CPU, bandwidth, storage, and email usage.
How do I report an application that is in violation of your Terms and Conditions?
To report an application that is in violation of the App Engine Terms and Condition, please contact us. We will determine if the application is in violation, and if necessary, contact the application's developer over the violation.
Should I use the SDK for serving external requests?
The dev_appserver is designed for local testing and disallows external
connections by default. You can override this using the
flag when running it, but doing so is not recommended because the SDK has not
been hardened for security and may contain vulnerabilities.
How do I serve compressed content?
App Engine does its best to serve gzipped content to browsers that support it. Taking advantage of this scheme is automatic and requires no modifications to applications.
We use a combination of request headers (Accept-Encoding, User-Agent) and response headers (Content-Type) to determine whether or not the end-user can take advantage of gzipped content. This approach avoids some well-known bugs with gzipped content in popular browsers. To force gzipped content to be served, clients may supply 'gzip' as the value of both the Accept-Encoding and User-Agent request headers. Content will never be gzipped if no Accept-Encoding header is present.
Does App Engine support SSL (HTTPS)?
App Engine allows you to serve SSL (HTTPS) traffic through your appspot.com domain. Simply add the 'secure' parameter to your app.yaml handler for the URLs through which you wish to support secure traffic. For complete information on how to configure your application for secure traffic, see the docs on app configuration (Java | Python | PHP | Go).
You can also serve SSL (HTTPS) traffic using a custom domain. You can also use naked domains if you use a custom domain with SSL.
Can I Use Strict-Transport-Security Headers in my project?
It is possible to use
Strict-Transport-Security in App Engine. In order to add HTTP
headers (HSTS) to your app, you must implement the headers within your app's code, not within
your app's config file (
Can I use SSL (HTTPS) on App Engine with my custom domain?
You can serve SSL through your custom domain.
Do tools like remote_api use SSL (HTTPS)?
The SDK tools which use login (remote_api, appengine_rpc) use SSL when communicating your email address and password.
The Python and Go SDKs have the ability to validate the SSL certificate over the
remote connection. To do this you must have the
ssl Python module installed on your system. If you are using Python
2.5, you can install the module from
If there is an error validating the SSL certificate, the tools will raise
InvalidCertificateException explaining what went wrong.
The Java SDK also enables SSL by default. If an
error is encountered while validating the SSL certificate it will throw a
I'd like to map my app to a naked domain (such as http://example.com).
A "naked domain" lets users access your app directly at the domain name (http://example.com), without requiring a subdomain such as http://www.example.com or http://myapp.example.com. You can set up your App Engine app with a naked domain in the Google Cloud project console. See using custom domains.
Naked domains are also supported if you are using a custom domain with SSL.
Static IP Addresses and App Engine apps
App Engine does not currently provide a way to map static IP addresses to an application. In order to optimize the network path between an end user and an App Engine application, end users on different ISPs or geographic locations might use different IP addresses to access the same App Engine application. DNS might return different IP addresses to access App Engine over time or from different network locations.
Outbound services, such as the URL Fetch, Sockets and Mail APIs, make use of a large pool of IP addresses. The IP address ranges in this pool are subject to routine changes. In fact, two sequential API calls from the same application may appear to originate from two different IP addresses.
To find the current ranges of IP addresses that App Engine uses for outbound traffic, do the following:
- In a command shell, enter the following command:
nslookup -q=TXT _cloud-netblocks.googleusercontent.com 22.214.171.124
The response contains all of the current
_cloud-netblocksfor App Engine. For example:
Non-authoritative answer: _cloud-netblocks.googleusercontent.com text = "v=spf1 include:_cloud-netblocks1.googleusercontent.com include:_cloud-netblocks2.googleusercontent.com include:_cloud-netblocks3.googleusercontent.com include:_cloud-netblocks4.googleusercontent.com include:_cloud-netblocks5.googleusercontent.com ?all"
These results are not static. When you enter the command, you may see more or fewer netblocks than the example above.
- For each netblock listed in the response, enter the following query:
nslookup -q=TXT netblock-name 126.96.36.199
For example, if the previous query returned five netblocks, you would make the following five queries:
nslookup -q=TXT _cloud-netblocks1.googleusercontent.com 188.8.131.52 nslookup -q=TXT _cloud-netblocks2.googleusercontent.com 184.108.40.206 nslookup -q=TXT _cloud-netblocks3.googleusercontent.com 220.127.116.11 nslookup -q=TXT _cloud-netblocks4.googleusercontent.com 18.104.22.168 nslookup -q=TXT _cloud-netblocks5.googleusercontent.com 22.214.171.124
Each query of a specific netblock returns an IP range that you can use for App Engine
outgoing traffic. For example, the query of
_cloud-netblocks1 above could return the
Non-authoritative answer: _cloud-netblocks1.googleusercontent.com text = "v=spf1 include:_cloud-netblocks6.googleusercontent.com include:_cloud-netblocks7.googleusercontent.com ip6:2600:1900::/35 ip4:126.96.36.199/20 ip4:188.8.131.52/21 ip4:184.108.40.206/23 ip4:220.127.116.11/20 ip4:18.104.22.168/19 ip4:22.214.171.124/11 ip4:126.96.36.199/14 ?all"
From this example, we see that both the
IP ranges can be used for App Engine traffic. Other queries for any additional netblocks may return
additional IP ranges.
Note that using static IP address filtering is not considered a safe and effective means of protection. For example, an attacker could set up a malicious App Engine app which could share the same IP address range as your application. Instead, we suggest that you take a defense in depth approach using OAuth and Certs.
Can I access my App Engine instance on a private IP address?
App Engine hosts your service on a dynamic public IP address of a Google load balancer. You can't access your service on private (RFC 1918) IP addresses.
How do I define cron jobs for my application?
What are task queues?
Task queues provide a mechanism for dynamically adding new requests to be fulfilled at a later point in time. If an app needs to execute some background work, it can use the Task Queue API to organize that work into small, discrete units called Tasks. Tasks are inserted into one or more Queues. App Engine automatically detects new Tasks and executes them when system resources permit. For more details, see the documentation for the Task Queue API (Java | Python | Go | PHP).
Can I use Google groups to grant access to my App Engine project?
If you add a Google group to your App Engine project, members of that group will have access to that project's resources, for example, Datastore, Task Queues, Memcache, etc.
How do I prevent users/subnets from accessing my app?
How do I get more information on application outages and accessibility issues with my application?
The Google Cloud Status Dashboard provides status information on the services that are part of Google Cloud Platform.
For China, App Engine accessibility may be intermittent. See the Google Transparency Report for accessibility issues on other Google products in China.