Thanks. I already had https enabled. That was straightforward from GAE docs. What I was trying to do is to prevent anyone from hitting my appengine urls other than customers who use our mobile app on phones. I could use some public/private key on handset and server and control who can access the urls. I also successfully tried ClientLogin interface to use appengine's OAuth API and send a valid token as part of every request.
-- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine-java/-/A4QB6LWRXKUJ. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.