Allows cookie authentication to be used for the API. By default, API
methods do not allow cookie authentication, and require the use of
OAuth2. Setting this field to true will allow cookies to be used
to access the API, with potentially dangerous results. Please be very
cautious in enabling this setting, and make sure to require appropriate
XSRF tokens to protect your API.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-28 UTC."],[[["\u003cp\u003eThe \u003ccode\u003e@ApiAuth\u003c/code\u003e annotation configures authentication for APIs, enabling control over how they are accessed.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eallowCookieAuth\u003c/code\u003e element, when set to \u003ccode\u003etrue\u003c/code\u003e, permits cookie-based authentication, which defaults to being disabled, requiring OAuth2 instead.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eblockedRegions\u003c/code\u003e element allows the specification of ISO region codes, restricting API access from those specific geographical areas, defaulting to allowing all regions.\u003c/p\u003e\n"],["\u003cp\u003eBy default, the \u003ccode\u003eallowCookieAuth\u003c/code\u003e setting is set to \u003ccode\u003eUNSPECIFIED\u003c/code\u003e and the \u003ccode\u003eblockedRegions\u003c/code\u003e default value is an empty set, representing no regions blocked.\u003c/p\u003e\n"]]],[],null,["# ApiAuth\n\ncom.google.api.server.spi.config\n\nAnnotation Type ApiAuth\n-----------------------\n\n-\n\n *** ** * ** ***\n\n \u003cbr /\u003e\n\n ```\n @Retention(value=RUNTIME)\n @Target(value=TYPE)\n public @interface ApiAuth\n ``` \nAnnotation for API authentication configuration. \n-\n -\n\n ### Optional Element Summary\n\n-\n -\n\n ### Element Detail\n\n\n -\n\n #### allowCookieAuth\n\n ```\n public abstract AnnotationBoolean allowCookieAuth\n ``` \n Allows cookie authentication to be used for the API. By default, API methods do not allow cookie authentication, and require the use of OAuth2. Setting this field to `true` will allow cookies to be used to access the API, with potentially dangerous results. Please be very cautious in enabling this setting, and make sure to require appropriate XSRF tokens to protect your API.\n\n Default:\n : com.google.api.server.spi.config.AnnotationBoolean.UNSPECIFIED\n\n \u003c!-- --\u003e\n\n -\n\n -\n\n #### blockedRegions\n\n ```\n public abstract java.lang.String[] blockedRegions\n ``` \n A list of ISO region codes to block. By default, APIs allow all regions.\n\n Default:\n : {}"]]