Go 1.11 has reached end of support
and will be deprecated
on January 31, 2026. After deprecation, you won't be able to deploy Go 1.11
applications, even if your organization previously used an organization policy to
re-enable deployments of legacy runtimes. Your existing Go
1.11 applications will continue to run and receive traffic after their
deprecation date. We
recommend that you migrate to the latest supported version of Go.
Stay organized with collections
Save and categorize content based on your preferences.
Region ID
The REGION_ID is an abbreviated code that Google assigns
based on the region you select when you create your app. The code does not
correspond to a country or province, even though some region IDs may appear
similar to commonly used country and province codes. For apps created after
February 2020, REGION_ID.r is included in
App Engine URLs. For existing apps created before this date, the
region ID is optional in the URL.
This page describes how to issue HTTP(S) requests from your App Engine
app.
For details on request size limits and which headers are sent in a URL Fetch
request, see Outbound Requests.
Issue an HTTP request
To issue an outbound HTTP request, use the http package as usual,
but create your client using urlfetch.Client. urlfetch.Client
returns an *http.Client that uses urlfetch.Transport, which is
an implementation of the
http.RoundTripper interface
that makes requests using the URL Fetch API.
The following snippet demonstrates how to perform a basic HTTP GET request:
import("fmt""net/http""google.golang.org/appengine""google.golang.org/appengine/urlfetch")funchandler(whttp.ResponseWriter,r*http.Request){ctx:=appengine.NewContext(r)client:=urlfetch.Client(ctx)resp,err:=client.Get("https://www.google.com/")iferr!=nil{http.Error(w,err.Error(),http.StatusInternalServerError)return}fmt.Fprintf(w,"HTTP GET returned status %v",resp.Status)}
Disable redirects
If you are using URL Fetch, the underlying URL Fetch service follows up to five
redirects by default. These redirects could forward sensitive information, such
as authorization headers, to the redirected destination. If your app does not
require HTTP redirects, it is recommended that you disable the redirects.
To instruct the URL Fetch service to not follow redirects, set the
CheckRedirect field of the http.Client
returned from the
urlfetch package
to return http.ErrUseLastResponse.
This applies to appengine/urlfetch and appengine/v2/urlfetch. For example:
By default, the underlying URL Fetch service validates the certificate
of the host it contacts, and rejects requests if the certificate
doesn't match. You don't need to explicitly secure your request.
Disable host certificate validation
To disable automatic host certificate validation, you can manually create a
Transport and set
AllowInvalidServerCertificate to true.
Issue a request to another App Engine app
When issuing a request to another App Engine app, your App Engine app
must assert its identity by adding the header X-Appengine-Inbound-Appid
to the request.
If you instruct the URL Fetch service to not follow redirects, App Engine
will add this header to requests automatically.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003e\u003ccode\u003eREGION_ID\u003c/code\u003e is a Google-assigned code based on the region selected when creating an app, not corresponding to a specific country or province, and it is included in App Engine URLs for apps created after February 2020.\u003c/p\u003e\n"],["\u003cp\u003eApp Engine apps can issue outbound HTTP requests using the \u003ccode\u003ehttp\u003c/code\u003e package, creating the client with \u003ccode\u003eurlfetch.Client\u003c/code\u003e, which uses \u003ccode\u003eurlfetch.Transport\u003c/code\u003e to make requests via the URL Fetch API.\u003c/p\u003e\n"],["\u003cp\u003eDisabling redirects in URL Fetch is recommended for enhanced security, as it prevents the potential forwarding of sensitive information to unintended destinations, and can be done by setting \u003ccode\u003eCheckRedirect\u003c/code\u003e to \u003ccode\u003ehttp.ErrUseLastResponse\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe URL Fetch service automatically validates host certificates for HTTPS requests, rejecting requests if the certificate doesn't match, and this validation can be disabled by manually creating a Transport and setting \u003ccode\u003eAllowInvalidServerCertificate\u003c/code\u003e to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eWhen sending a request to another App Engine app, your app needs to include the header \u003ccode\u003eX-Appengine-Inbound-Appid\u003c/code\u003e to assert its identity, which is done automatically if redirects are disabled.\u003c/p\u003e\n"]]],[],null,["# Issuing HTTP(S) Requests\n\n### Region ID\n\nThe \u003cvar translate=\"no\"\u003eREGION_ID\u003c/var\u003e is an abbreviated code that Google assigns\nbased on the region you select when you create your app. The code does not\ncorrespond to a country or province, even though some region IDs may appear\nsimilar to commonly used country and province codes. For apps created after\nFebruary 2020, \u003cvar translate=\"no\"\u003eREGION_ID\u003c/var\u003e`.r` is included in\nApp Engine URLs. For existing apps created before this date, the\nregion ID is optional in the URL.\n\nLearn more\n[about region IDs](/appengine/docs/legacy/standard/go111/how-requests-are-routed#region-id). \nOK\n\nThis page describes how to issue HTTP(S) requests from your App Engine\napp.\n| This API is supported for first-generation runtimes and can be used when [upgrading to corresponding second-generation runtimes](/appengine/docs/standard/\n| go\n| /services/access). If you are updating to the App Engine Go 1.12+ runtime, refer to the [migration guide](/appengine/migration-center/standard/migrate-to-second-gen/go-differences) to learn about your migration options for legacy bundled services.\nFor details on request size limits and which headers are sent in a URL Fetch request, see [Outbound Requests](/appengine/docs/legacy/standard/go111/outbound-requests).\n\nIssue an HTTP request\n---------------------\n\nTo issue an outbound HTTP request, use the `http` package as usual,\nbut create your client using `urlfetch.Client`. `urlfetch.Client`\nreturns an `*http.Client` that uses `urlfetch.Transport`, which is\nan implementation of the\n[http.RoundTripper interface](https://golang.org/pkg/net/http/#RoundTripper)\nthat makes requests using the URL Fetch API.\n\nThe following snippet demonstrates how to perform a basic HTTP `GET` request: \n\n import (\n \t\"fmt\"\n \t\"net/http\"\n\n \t\"google.golang.org/appengine\"\n \t\"google.golang.org/appengine/urlfetch\"\n )\n\n func handler(w http.ResponseWriter, r *http.Request) {\n \tctx := appengine.NewContext(r)\n \tclient := urlfetch.https://cloud.google.com/appengine/docs/legacy/standard/go111/reference/latest/urlfetch.html#google_golang_org_appengine_urlfetch_Client(ctx)\n \tresp, err := client.Get(\"https://www.google.com/\")\n \tif err != nil {\n \t\thttp.Error(w, err.Error(), http.StatusInternalServerError)\n \t\treturn\n \t}\n \tfmt.Fprintf(w, \"HTTP GET returned status %v\", resp.Status)\n }\n\n### Disable redirects\n\n| **Important:** To improve the security of your app, it is recommended that you disable redirects.\n\nIf you are using URL Fetch, the underlying URL Fetch service follows up to five\nredirects by default. These redirects could forward sensitive information, such\nas authorization headers, to the redirected destination. If your app does not\nrequire HTTP redirects, it is recommended that you disable the redirects.\n\nTo instruct the URL Fetch service to not follow redirects, set the\n[`CheckRedirect`](https://pkg.go.dev/net/http#Client) field of the `http.Client`\nreturned from the\n[`urlfetch` package](/appengine/docs/legacy/standard/go111/reference/latest/urlfetch#functions)\nto return `http.ErrUseLastResponse`.\nThis applies to `appengine/urlfetch` and `appengine/v2/urlfetch`. For example: \n\n client := urlfetch.Client(ctx)\n client.CheckRedirect = func(*http.Request, []*http.Request) error {\n return http.ErrUseLastResponse\n }\n\nIssue an HTTPS request\n----------------------\n\nBy default, the underlying URL Fetch service validates the certificate\nof the host it contacts, and rejects requests if the certificate\ndoesn't match. You don't need to explicitly secure your request.\n\n### Disable host certificate validation\n\nTo disable automatic host certificate validation, you can manually create a\n[Transport](/appengine/docs/legacy/standard/go/urlfetch/reference#Transport) and set\n`AllowInvalidServerCertificate` to `true`.\n\nIssue a request to another App Engine app\n-----------------------------------------\n\nWhen issuing a request to another App Engine app, your App Engine app\nmust assert its identity by adding the header `X-Appengine-Inbound-Appid`\nto the request.\nIf you instruct the URL Fetch service to not follow redirects, App Engine\nwill add this header to requests automatically.\n\nSee [Disabling redirects](#disabling_redirects) for guidance on disabling\nredirects.\n| **Note:** If you are making requests to another App Engine application, use its \u003cvar translate=\"no\"\u003e\u003ca href=\"#appengine-urls\" style=\"border-bottom: 1px dotted #999\" class=\"devsite-dialog-button\" data-modal-dialog-id=\"regional_url\" track-type=\"progressiveHelp\" track-name=\"modalHelp\" track-metadata-goal=\"regionalURL\"\u003eREGION_ID\u003c/a\u003e\u003c/var\u003e`.r.appspot.com` domain name rather than a custom domain for your app.\n\nWhat's next\n-----------\n\nLearn about the URL Fetch service, such as the headers that are\nsent in a URL Fetch request in [Outbound Requests](/appengine/docs/legacy/standard/go111/outbound-requests)."]]