As far as i know there is nothing in appengine to do something like that (securize web services / API / endpoints ) you need to do it on your own.
I dont know your whole scenario, but a standard way to secure web services is oAuth2 with the Client Credentials flow (in your case, with no end users). This way the app that wants to call your services, needs to be identifyed before he can request nothing to you. What you need to do is oAuth provider in your server to handle all authentications and store clients keys and secrets. There are some good opensource libraries to handle all oAuth stuff If you dont want go that far, you can keep it simplier with an API-Key schema, but is less secure. Cheers On Wednesday, August 7, 2013 10:29:38 AM UTC+2, Thomas Bailey wrote: > > We have an appengine application that exposes a set of web service > endpoints. > We need to secure these endpoints such that only specific applications can > access them. This will be programmatic access, so there will be no user > involvement (i.e. no login screens). > > Looking at the documentation it seemed like service accounts would give us > this ability, however this only seems to give access to the google API. > > Is there a standard way to secure appengine web services, or do we need to > roll our own solution? > > Any pointers much appreciated! > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/groups/opt_out.