When you are using a Google API (such as the Prediction API) from a server-side app, the Google APIs Console lets you limit API requests to those originating from known IP addresses or ranges [1, 2]. If you set a whitelist and an API request comes from a non-whitelisted address, the request will be rejected.
This can be really useful if you use some Google APIs from browser-embedded JavaScript and other Google APIs only from server side. All APIs share the same API key which can be retrieved by examining or debugging your JavaScript. A malicious third party could learn your API key by viewing the source of your site and then use the key to issue calls to other Google APIs in your name, even if you only use those other APIs from your server-side app. Currently we cannot whitelist App Engine because the IP addresses used by the app servers, backends and the URL fetch service are not known in advance. I filed a request to add a button on the Google APIs console to whitelist App Engine. If you're interested, feel free to star it or add your comments: http://code.google.com/p/googleappengine/issues/detail?id=5219 [1] Google APIs Console, Quotas pane https://code.google.com/apis/console#:quotas [2] Google APIs Console Help, section "Whitelisting by IP Address (Server-side applications)" https://code.google.com/apis/console-help/#whitelistingbyip -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
