Go 1.11 has reached end of support and will be deprecated on January 31, 2026. After deprecation, you won't be able to deploy Go 1.11 applications, even if your organization previously used an organization policy to re-enable deployments of legacy runtimes. Your existing Go 1.11 applications will continue to run and receive traffic after their deprecation date. We recommend that you migrate to the latest supported version of Go.

Issuing HTTP(S) Requests

Region ID

The REGION_ID is an abbreviated code that Google assigns based on the region you select when you create your app. The code does not correspond to a country or province, even though some region IDs may appear similar to commonly used country and province codes. For apps created after February 2020, REGION_ID.r is included in App Engine URLs. For existing apps created before this date, the region ID is optional in the URL.

Learn more about region IDs.

This page describes how to issue HTTP(S) requests from your App Engine app.

For details on request size limits and which headers are sent in a URL Fetch request, see Outbound Requests.

Issue an HTTP request

To issue an outbound HTTP request, use the http package as usual, but create your client using urlfetch.Client. urlfetch.Client returns an *http.Client that uses urlfetch.Transport, which is an implementation of the http.RoundTripper interface that makes requests using the URL Fetch API.

The following snippet demonstrates how to perform a basic HTTP GET request:

import (
	"fmt"
	"net/http"

	"google.golang.org/appengine"
	"google.golang.org/appengine/urlfetch"
)

func handler(w http.ResponseWriter, r *http.Request) {
	ctx := appengine.NewContext(r)
	client := urlfetch.Client(ctx)
	resp, err := client.Get("https://www.google.com/")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	fmt.Fprintf(w, "HTTP GET returned status %v", resp.Status)
}

Disable redirects

If you are using URL Fetch, the underlying URL Fetch service follows up to five redirects by default. These redirects could forward sensitive information, such as authorization headers, to the redirected destination. If your app does not require HTTP redirects, it is recommended that you disable the redirects.

To instruct the URL Fetch service to not follow redirects, set the CheckRedirect field of the http.Client returned from the urlfetch package to return http.ErrUseLastResponse. This applies to appengine/urlfetch and appengine/v2/urlfetch. For example:

client := urlfetch.Client(ctx)
client.CheckRedirect = func(*http.Request, []*http.Request) error {
  return http.ErrUseLastResponse
}

Issue an HTTPS request

By default, the underlying URL Fetch service validates the certificate of the host it contacts, and rejects requests if the certificate doesn't match. You don't need to explicitly secure your request.

Disable host certificate validation

To disable automatic host certificate validation, you can manually create a Transport and set AllowInvalidServerCertificate to true.

Issue a request to another App Engine app

When issuing a request to another App Engine app, your App Engine app must assert its identity by adding the header X-Appengine-Inbound-Appid to the request. If you instruct the URL Fetch service to not follow redirects, App Engine will add this header to requests automatically.

See Disabling redirects for guidance on disabling redirects.

What's next

Learn about the URL Fetch service, such as the headers that are sent in a URL Fetch request in Outbound Requests.