As described in the documentation <https://cloud.google.com/iap/docs/concepts-overview#how_iap_works>, Cloud IAP is used for securing your applications with Google OAuth from all incoming requests (this includes external clients, and your own application as Attila mentioned).
Since your application cannot follow the OAuth redirect to login, it is therefore recommended to use Service Account authentication <https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_service_account> when making requests via code from your own application. As for your client-end AJAX sessions, you can follow the Managing Cloud IAP sessions <https://cloud.google.com/iap/docs/sessions-howto> to properly handle AJAX session refreshes. - Note: Google Groups is reserved for general product discussions and is not for technical support. For further technical support in coding your application with Cloud IAP, it is recommended to post your detailed questions <https://stackoverflow.com/help/how-to-ask> to Stack Exchange <https://cloud.google.com/support/docs/stackexchange> using the supported Cloud tags. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/3a51f40b-0cd9-4373-bdc0-be26547449f1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.