1

I'm using a CRON on AppEngine and the cron calls my web app at a specific app.

I only want to execute functionality when called by my AppEngine app.

What is/are the recommended approach(es) to confirming that the caller is legitimate? I don't wish to rely on no one else knowing the specific URL.

2
  • Is that IP of the CRON machine static? Commented Nov 8, 2013 at 15:05
  • 1
    @MathewFoscarini AppEngine doesn't expose machine details. CodeCaster has come back with an AppEngine-specific approach/solution. Commented Nov 8, 2013 at 15:34

2 Answers

3

You can avoid having to authenticate the request from cron at all.

  • Create a backend; let it be named cronbackend. Mark it as private.
  • Move your handler that cron needs to touch to that backend.
  • Now the URL has changed: instead of myapp.appspot.com/url it has become cronbackend-dot-myapp.appspot.com/url. Let cron use this URL.

Since your backend is private, it is not exposed to the outside world at all; only your frontend (your application), your cron, or the manager of your queues can access it. Also, handlers on a backend can run for significantly longer.

Note that a backend and a frontend look like separate apps, are deployed independently, and billed separately. This allows for added flexibility, though.

2

As explained in RESTful web service - how to authenticate requests from other services? on StackOverflow, you have to use a shared secret of some sort.

That can be a token, username and password or a client certificate for example.
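One way to implement the token option from the answer above, as an added example that is not part of the original answer or of any App Engine API: a minimal WSGI handler that runs the job only when the request carries the shared secret. The `CRON_TOKEN` environment variable, the `token` query parameter, the `/tasks/cleanup` path and the `run_job`/`call` helpers are all hypothetical names chosen for illustration.

```python
import hmac
import os
from urllib.parse import parse_qs

# Hypothetical names (assumptions, not from the page): CRON_TOKEN, "token", /tasks/cleanup.
SECRET_ENV = "CRON_TOKEN"
CRON_PATH = "/tasks/cleanup"

def is_authorized(query_string, secret):
    """True only if the query string carries exactly one token equal to the secret."""
    if not secret:
        return False  # fail closed when the secret is not configured
    values = parse_qs(query_string, keep_blank_values=True).get("token", [])
    if len(values) != 1:
        return False  # missing or duplicated parameter is rejected
    # Constant-time comparison: does not reveal how many leading bytes matched.
    return hmac.compare_digest(values[0].encode("utf-8"), secret.encode("utf-8"))

def run_job():
    """Placeholder for the work the cron entry is meant to trigger."""
    return "job done"

def app(environ, start_response):
    """Minimal WSGI app exposing one cron-only endpoint."""
    headers = [("Content-Type", "text/plain")]
    if environ.get("PATH_INFO") != CRON_PATH:
        start_response("404 Not Found", headers)
        return [b"not found"]
    secret = os.environ.get(SECRET_ENV, "")
    if not is_authorized(environ.get("QUERY_STRING", ""), secret):
        start_response("403 Forbidden", headers)
        return [b"forbidden"]
    body = run_job().encode("utf-8")
    start_response("200 OK", headers)
    return [body]

def call(path, query):
    """Drive the app with a constructed request; returns (status, body)."""
    seen = {}
    def start_response(status, response_headers):
        seen["status"] = status
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    return seen_status(seen, b"".join(app(environ, start_response)))

def seen_status(seen, body):
    return seen["status"], body
```

A token passed in the query string ends up in request logs, so restrict access to those logs and rotate the token if they are shared. Serve the endpoint over HTTPS only so the secret is not sent in clear text.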
