App Engine's Python 2.7 runtime had a very convenient way of asserting the identity of an application to another App Engine application.

As described in the above link, using the app_identity library of the google.appengine.api package I was able to obtain and insert the auth_token into the urlfetch headers. When receiving requests I could verify the X-Appengine-Inbound-Appid header info.

I understand urlfetch and the google.appengine.api package are not available in the Python 3.7 runtime.

My app consists of several GAE projects, so I used this method to verify the identity of api calls between my projects (i.e so I do not need it for external APIs / services). What would be the recommended approach of doing this in App Engine's Python 3.7 runtime?

0 Answers