Stay organized with collections
Save and categorize content based on your preferences.
Region ID
The REGION_ID is an abbreviated code that Google assigns
based on the region you select when you create your app. The code does not
correspond to a country or province, even though some region IDs may appear
similar to commonly used country and province codes. For apps created after
February 2020, REGION_ID.r is included in
App Engine URLs. For existing apps created before this date, the
region ID is optional in the URL.
This page describes how to issue HTTP(S) requests from your App Engine
app using the URL Fetch service for second-generation runtimes.
Before following the instructions on this page, we recommend you use language
idiomatic solutions to issue HTTP(S) requests before using the URL Fetch
service. The primary use case for using the URL Fetch is when you want to
issue HTTP(S) requests to another App Engine app
and assert your app's identity on that request.
For details on request size limits and which headers are sent in a URL Fetch
request, see Outbound requests.
Issue an HTTP request
Disable redirects
If you are using URL Fetch, the underlying URL Fetch service follows up to five
redirects by default. These redirects could forward sensitive information, such
as authorization headers, to the redirected destination. If your app does not
require HTTP redirects, it is recommended that you disable the redirects.
Issue an HTTPS request
By default, the underlying URL Fetch service validates the certificate
of the host it contacts, and rejects requests if the certificate
doesn't match. You don't need to explicitly secure your request.
Issue a request to another App Engine app
When using URL Fetch to issue a request to another App Engine app, your
app can assert its identity by adding the header X-Appengine-Inbound-Appid to
the request.
If you instruct the URL Fetch service to not follow redirects, App Engine
will add this header to requests automatically.
See Disabling redirects for guidance on disabling
redirects.
What's next
Learn about the URL Fetch service, such as the headers that are
sent in a URL Fetch request in
Outbound Requests.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eREGION_ID\u003c/code\u003e is a Google-assigned code based on the selected region when creating an app, and it is included in App Engine URLs for apps created after February 2020.\u003c/p\u003e\n"],["\u003cp\u003eThe URL Fetch service, used for issuing HTTP(S) requests, is mainly recommended when making requests to another App Engine app and asserting your app's identity.\u003c/p\u003e\n"],["\u003cp\u003eFor enhanced security, it is advisable to disable HTTP redirects when using the URL Fetch service, as it may forward sensitive data, and the service follows up to five redirects by default.\u003c/p\u003e\n"],["\u003cp\u003eWhen making requests to another App Engine application, utilize the \u003ccode\u003eREGION_ID.r.appspot.com\u003c/code\u003e domain rather than a custom domain for your app.\u003c/p\u003e\n"],["\u003cp\u003eThe URL fetch service can be used for second-generation runtimes and first-generation runtimes when upgrading to corresponding second-generation runtimes.\u003c/p\u003e\n"]]],[],null,["# Issue HTTPS requests\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\nGo Java PHP Python \n\n### Region ID\n\nThe \u003cvar translate=\"no\"\u003eREGION_ID\u003c/var\u003e is an abbreviated code that Google assigns\nbased on the region you select when you create your app. The code does not\ncorrespond to a country or province, even though some region IDs may appear\nsimilar to commonly used country and province codes. For apps created after\nFebruary 2020, \u003cvar translate=\"no\"\u003eREGION_ID\u003c/var\u003e`.r` is included in\nApp Engine URLs. For existing apps created before this date, the\nregion ID is optional in the URL.\n\nLearn more\n[about region IDs](/appengine/docs/standard/python/how-requests-are-routed#region-id). \nOK\n| This API is supported for first-generation runtimes and can be used when [upgrading to corresponding second-generation runtimes](/appengine/docs/standard/\n|\n| /services/access). If you are updating to the App Engine runtime, refer to the [Upgrade to second-generation runtimes]() page to learn about your migration options for legacy bundled services.\n\nThis page describes how to issue HTTP(S) requests from your App Engine\napp using the URL Fetch service for second-generation runtimes.\n\nBefore following the instructions on this page, we recommend you use language\nidiomatic solutions to issue HTTP(S) requests before using the URL Fetch\nservice. The primary use case for using the URL Fetch is when you want to\n[issue HTTP(S) requests to another App Engine app](#another-app)\nand assert your app's identity on that request.\n\nFor details on request size limits and which headers are sent in a URL Fetch\nrequest, see [Outbound requests](/appengine/docs/standard/services/urlfetch/outbound-requests).\n\nIssue an HTTP request\n---------------------\n\n### Disable redirects\n\n| **Important:** To improve the security of your app, it is recommended that you disable redirects.\n\nIf you are using URL Fetch, the underlying URL Fetch service follows up to five\nredirects by default. These redirects could forward sensitive information, such\nas authorization headers, to the redirected destination. If your app does not\nrequire HTTP redirects, it is recommended that you disable the redirects.\n\nIssue an HTTPS request\n----------------------\n\nBy default, the underlying URL Fetch service validates the certificate\nof the host it contacts, and rejects requests if the certificate\ndoesn't match. You don't need to explicitly secure your request.\n\nIssue a request to another App Engine app\n-----------------------------------------\n\nWhen using URL Fetch to issue a request to another App Engine app, your\napp can assert its identity by adding the header `X-Appengine-Inbound-Appid` to\nthe request.\n\nIf you instruct the URL Fetch service to not follow redirects, App Engine\nwill add this header to requests automatically.\nSee [Disabling redirects](#disabling_redirects) for guidance on disabling\nredirects.\n| **Note:** If you are making requests to another App Engine application, use its \u003cvar translate=\"no\"\u003e\u003ca href=\"#appengine-urls\" style=\"border-bottom: 1px dotted #999\" class=\"devsite-dialog-button\" data-modal-dialog-id=\"regional_url\" track-type=\"progressiveHelp\" track-name=\"modalHelp\" track-metadata-goal=\"regionalURL\"\u003eREGION_ID\u003c/a\u003e\u003c/var\u003e`.r.appspot.com` domain name rather than a custom domain for your app.\n\nWhat's next\n-----------\n\nLearn about the URL Fetch service, such as the headers that are\nsent in a URL Fetch request in\n[Outbound Requests](/appengine/docs/standard/services/urlfetch/outbound-requests)."]]
