According to the docs here: https://cloud.google.com/appengine/docs/java/tools/remoteapi
The Remote API uses it's own authentication mechanism and apparently doesn't need an auth-constraint in web.xml. Can someone from Google please confirm? Thanks -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/4d768485-a54a-43b5-ac7a-cd2e02e23276%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.