Issue HTTPS requests

This page describes how to issue HTTP(S) requests from your App Engine app using the URL Fetch service for second-generation runtimes.

Before following the instructions on this page, we recommend you use language idiomatic solutions to issue HTTP(S) requests before using the URL Fetch service. The primary use case for using the URL Fetch is when you want to issue HTTP(S) requests to another App Engine app and assert your app's identity on that request.

For details on request size limits and which headers are sent in a URL Fetch request, see Outbound requests.

Issue an HTTP request

Disable redirects

If you are using URL Fetch, the underlying URL Fetch service follows up to five redirects by default. These redirects could forward sensitive information, such as authorization headers, to the redirected destination. If your app does not require HTTP redirects, it is recommended that you disable the redirects.

Issue an HTTPS request

By default, the underlying URL Fetch service validates the certificate of the host it contacts, and rejects requests if the certificate doesn't match. You don't need to explicitly secure your request.

Issue a request to another App Engine app

When using URL Fetch to issue a request to another App Engine app, your app can assert its identity by adding the header X-Appengine-Inbound-Appid to the request.

If you instruct the URL Fetch service to not follow redirects, App Engine will add this header to requests automatically. See Disabling redirects for guidance on disabling redirects.

What's next

Learn about the URL Fetch service, such as the headers that are sent in a URL Fetch request in Outbound Requests.