Uploaded byasync_io
3,876 views

Lessons Learned from Building a REST API on Google App Engine

This document summarizes lessons learned from building a REST API on Google App Engine using Golang. Key points include: - Gorilla Mux was used for routing to handle parameters and HTTP methods. - The gorca library helped with REST response formatting and error logging. - Gomniauth and JWT were used to support OAuth2 authentication with providers beyond Google. - Middleware was implemented to handle authorization by checking user roles. - Various Google App Engine APIs were leveraged, though some were deprecated over time.

Downloaded 14 times
Lessons Learned from Building a REST API on Google App Engine Jonathan Altman Presentation to GolangDC-October 29, 2015
Whitenoise Market Webapp • White Noise by TMSoft (http://www.tmsoft.com/white-noise/) is the leading sleeping app for iOS,Android, Mac, and Windows • Customer wanted a way to: • Allow users to download additional content to the app • Create a vibrant community for users to interact with each other • Scale to the large demand of existing users
White Noise Market App
Project • Build a RESTful API to drive Whitenoise Market’s web front-end • Angular SPA front end, also built as part of the project • User authentication with Google or Facebook account—OAuth2 • Role-based authorization • Implied: customer will use the API from a native mobile client as well • Golang on Google App Engine, leverage their APIs
Sample Calls • GET /api/items — get all items • GET /api/item/item_id — get data about the item with id item_id
GAE via Golang • Project was approx. 6 person/weeks 2nd 1/2 2014, including front end • Customer specification based on their research • Inherited solid proof of concept app, but no firm API • GAE golang support was still beta, long term support indeterminate • Actual GAE API usage calls: outside the scope of this talk (but see https://cloud.google.com/appengine/docs/go/)
Issues • Package management • Routing • REST response formulation/error logging • OAuth2 support for providers other than Google • Authorization • Miscellaneous
Package Management • goapp get not go get • Not building an exe locally, packages need to be in source tree uploaded to GAE - feels weird compared to golang philosophy
Routing — GAE has choices • Prefix hostname with module — exposing internals • Dispatch file: dispatch.yaml — 10 routing rules max • Roll your own — just start matching URLs in the main dispatch handler in your golang code • or… • and remember: Google Cloud Endpoints were not yet a thing. Probably the way to go today
RollYour Own Router
3rd Party Router: Gorilla mux! • http://www.gorillatoolkit.org/pkg/mux • Gorilla web toolkit has a bunch of other nice parts • Other 3rd party router libraries probably work fine • Parameterization, method control • GAE takes care of a lot of other things Gorilla toolkit provides r.HandleFunc("/api/comments/{sid}",  handleGetComments).Methods("GET")
 r.HandleFunc(“/api/comments/{sid}",  aihttphelper.AuthenticatedEndpoint(HandleAddComment)).Methods("PUT")
REST Status/Response Logging • Standard REST success and error responses • gorca — https://github.com/icub3d/gorca • gorca.LogAndMessage: Logs console message and returns short message plus status code • gorca.WriteJSON: succesful responses gorca.LogAndMessage(c,  w,  r,  err,  "error",  "not_authenticated",  http.StatusUnauthorized)   gorca.LogAndMessage(c,  w,  r,  err,  "error",  err.Error(),  http.StatusBadRequest)   gorca.WriteJSON(c,  w,  r,  map[string]interface{}{“status”:  "OK",  "tagAdded":  tagValue})  
OAuth2 Support - gomniauth • GAE does OAuth2 authentication…only for Google • gomniauth does OAuth2 authentication for multiple providers, including google (https://github.com/stretchr/gomniauth) • jwt for HTTP Bearer Token — (https://github.com/dgrijalva/jwt-go) • Accepted pull request in gomniauth allows setting http Transport used because the GAE runtime replaces net/http’s DefaultTransport with a context-based one https://github.com/stretchr/gomniauth/pull/23)
gomniauth Patch • You have to fetch a Transport with the current requests’ GAE context, and pass that to gomniauth before doing authentication • See https://github.com/jonathana/gomniauth/commit/ 3e2e23995b035e26bbd58a0f56cb2b2d61dbe993 for details/usage
Authorization • Separate from authentication. What a user can do, once we know who the user is • Wrapper function shown before: • “Middleware” takes a target function with an extra argument beyond the normal HTTP request handler for the authenticated user information, and returns a normal HTTP handler function that does the authorization check and runs the target function if authorized • Factory functions encapsulated role info, but could pass in ACL data r.HandleFunc(“/api/comments/{sid}",  aihttphelper.AuthenticatedEndpoint(HandleAddComment)).Methods("PUT")
Authorization Middlewaretype  AiHandlerFunc  func(appengine.Context,  http.ResponseWriter,  *http.Request,  *aitypes.AIUserInfo)   func  generateAuthenticatedEndpoint(h  AiHandlerFunc,  requiredRoles  aitypes.RoleValue)  http.HandlerFunc  {
   return  func(w  http.ResponseWriter,  r  *http.Request)  {
     c  :=  appengine.NewContext(r)
   
     authUser,  err  :=  AuthenticateRequest(c,  r)
     if  (err  !=  nil)  {
       gorca.LogAndFailed(c,  w,  r,  err)
       return
     }
     //  401  User  not  authenticated     if  (authUser  ==  nil)  {
       http.Error(w,  "",  http.StatusUnauthorized)
       return
     }
     //  403  User  not  authorized  (authenticated,  but  no  permission  to  resource)
     if  (requiredRoles  >  0  &&  !(hasRole(authUser,  requiredRoles))  {
       http.Error(w,  "",  http.StatusForbidden)
       return
     }
   
     //  User  is  authenticated  and  authorized
     h(c,  w,  r,  authUser)
   }
 }   func  AuthenticatedEndpoint(h  WnHandlerFunc)  http.HandlerFunc  {
   return  generateAuthenticatedEndpoint(h,  0)
 }
Miscellaneous • Concurrency: ignored as a premature optimization. Issues with urlfetch.Transport led to concern on runtime support/research time • GAE API deprecation: not golang specific, but several APIs in use were deprecated post-project and had to be replaced (blobstore) • GAE appears to be going to more of an a la carte model where existing components are replaced with general GCE equivalents • Google Cloud Endpoints were not available at the time
Miscellaneous, cont. • You’ll be playing with the JSON serialization properties. Javascript<- >go naming rules mismatch: nobody wants Javascript properties to begin with capital letters. Also, I tend to prefer map[string]interface{} over defined structs where I can • Using appengine.Context. You will need to, almost everywhere, whether it’s for working with datastore, making outbound http requests, or logging via its .Infof() call
ThankYou! email: jonathan@async.io github: jonathana twitter: @async_io

More Related Content

KEY
Using Jython To Prototype Mahout Code
byasync_io
 
PPTX
Rapid Application Development on Google App Engine for Java
byKunal Dabir
 
PDF
Rails assets revisited
byerichsen
 
PDF
[Kotlin Serverless 工作坊] 單元 4 - 實作 RSS Aggregator
byShengyou Fan
 
PDF
Google App Engine
byLennon Shimokawa
 
PDF
Fact-Based Monitoring - PuppetConf 2014
byPuppet
 
PDF
老派浪漫:用 Kotlin 寫 Command Line 工具
byShengyou Fan
 
PPTX
habitat at docker bud
byMandi Walls
 
Using Jython To Prototype Mahout Code
byasync_io
 
Rapid Application Development on Google App Engine for Java
byKunal Dabir
 
Rails assets revisited
byerichsen
 
[Kotlin Serverless 工作坊] 單元 4 - 實作 RSS Aggregator
byShengyou Fan
 
Google App Engine
byLennon Shimokawa
 
Fact-Based Monitoring - PuppetConf 2014
byPuppet
 
老派浪漫:用 Kotlin 寫 Command Line 工具
byShengyou Fan
 
habitat at docker bud
byMandi Walls
 

What's hot

PPTX
One code Web, iOS, Android
byArtem Marchenko
 
PDF
A User Interface for adding Machine Learning tools into GitHub
byRumyana Rumenova
 
PDF
JHipster
byYuen-Kuei Hsueh
 
PDF
Ktor 部署攻略 - 老派 Fat Jar 大法
byShengyou Fan
 
PDF
2d web mapping with flask
byCharmyne Mamador
 
PDF
JAX 2013: Introducing Eclipse Orion
bymartinlippert
 
PDF
PyCon Israel - Launch Jupyter to the Cloud
byCheuk Ting Ho
 
PDF
Spring Tooling: What's new and what's coming
bymartinlippert
 
PDF
Azkaban
bywyukawa
 
PDF
Apache Airflow
bySumit Maheshwari
 
PDF
Automate your business
byzmoog
 
PDF
用 OPENRNDR 將 Chatbot 訊息視覺化
byShengyou Fan
 
PDF
Jenkins-Koji plugin presentation on Python & Ruby devel group @ Brno
byVaclav Tunka
 
One code Web, iOS, Android
byArtem Marchenko
 
A User Interface for adding Machine Learning tools into GitHub
byRumyana Rumenova
 
JHipster
byYuen-Kuei Hsueh
 
Ktor 部署攻略 - 老派 Fat Jar 大法
byShengyou Fan
 
2d web mapping with flask
byCharmyne Mamador
 
JAX 2013: Introducing Eclipse Orion
bymartinlippert
 
PyCon Israel - Launch Jupyter to the Cloud
byCheuk Ting Ho
 
Spring Tooling: What's new and what's coming
bymartinlippert
 
Azkaban
bywyukawa
 
Apache Airflow
bySumit Maheshwari
 
Automate your business
byzmoog
 
用 OPENRNDR 將 Chatbot 訊息視覺化
byShengyou Fan
 
Jenkins-Koji plugin presentation on Python & Ruby devel group @ Brno
byVaclav Tunka
 

Viewers also liked

PDF
Guide to AngularJS Services - NOVA MEAN August 2014
byasync_io
 
PDF
Tori.fi - Datalähtöistä kasvua
byTori.fi
 
PDF
Building a Cauldron for Chef to Cook In
byasync_io
 
PDF
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Success
byasync_io
 
PPT
Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!
byasync_io
 
KEY
Dcjq node.js presentation
byasync_io
 
PDF
Javascript Promises/Q Library
byasync_io
 
PDF
Google Cloud Platform for the Enterprise
byVMware Tanzu
 
PDF
gRPC: The Story of Microservices at Square
byApigee | Google Cloud
 
PDF
AngularJS Security: defend your Single Page Application
byCarlo Bonamico
 
Guide to AngularJS Services - NOVA MEAN August 2014
byasync_io
 
Tori.fi - Datalähtöistä kasvua
byTori.fi
 
Building a Cauldron for Chef to Cook In
byasync_io
 
NOVA MEAN - Why the M in MEAN is a Significant Contributor to Its Success
byasync_io
 
Using npm to Manage Your Projects for Fun and Profit - USEFUL INFO IN NOTES!
byasync_io
 
Dcjq node.js presentation
byasync_io
 
Javascript Promises/Q Library
byasync_io
 
Google Cloud Platform for the Enterprise
byVMware Tanzu
 
gRPC: The Story of Microservices at Square
byApigee | Google Cloud
 
AngularJS Security: defend your Single Page Application
byCarlo Bonamico
 

Similar to Lessons Learned from Building a REST API on Google App Engine

PPT
Varaprasad-Go
byVaraprasad Pemmasani
 
PPTX
How to Build Your First Web App in Go
byAll Things Open
 
PDF
Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer
byvagyonsostis
 
PDF
(Ebook) Go: Building Web Applications by Nathan Kozyra, Mat Ryer
byshalomhaihai
 
PDF
13 practical tips for writing secure golang applications
byKarthik Gaekwad
 
PDF
(Ebook) Go: Building Web Applications by Nathan Kozyra, Mat Ryer
bykpmafmxl5466
 
PDF
Instant Access to Go Building Web Applications 1st Edition Nathan Kozyra Mat ...
byflakquirin
 
PDF
Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer download pdf
byamzaevgamati
 
PPTX
Using Google App Engine Python
byAkshay Mathur
 
PDF
Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer
bynasliealgea
 
PDF
Download full Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer...
bysalsajidas
 
PDF
Build Android App using GCE & GAE
byLove Sharma
 
PDF
Building TweetEngine
byikailan
 
PDF
How To Structure Go Applications - Paul Bellamy - Codemotion Milan 2016
byCodemotion
 
PDF
Exploring Google APIs with Python & JavaScript
bywesley chun
 
PDF
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
byAdar Weidman
 
PPTX
Unit 3_detailed_automotiving_mobiles.pptx
byVijaySasanM21IT
 
PDF
Las maravillas de Google App Engine
bycoto
 
PDF
Introduction to App Engine Development
byRon Reiter
 
PDF
API Design & Security in django
byTareque Hossain
 
Varaprasad-Go
byVaraprasad Pemmasani
 
How to Build Your First Web App in Go
byAll Things Open
 
Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer
byvagyonsostis
 
(Ebook) Go: Building Web Applications by Nathan Kozyra, Mat Ryer
byshalomhaihai
 
13 practical tips for writing secure golang applications
byKarthik Gaekwad
 
(Ebook) Go: Building Web Applications by Nathan Kozyra, Mat Ryer
bykpmafmxl5466
 
Instant Access to Go Building Web Applications 1st Edition Nathan Kozyra Mat ...
byflakquirin
 
Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer download pdf
byamzaevgamati
 
Using Google App Engine Python
byAkshay Mathur
 
Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer
bynasliealgea
 
Download full Go Building Web Applications 1st Edition Nathan Kozyra Mat Ryer...
bysalsajidas
 
Build Android App using GCE & GAE
byLove Sharma
 
Building TweetEngine
byikailan
 
How To Structure Go Applications - Paul Bellamy - Codemotion Milan 2016
byCodemotion
 
Exploring Google APIs with Python & JavaScript
bywesley chun
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
byAdar Weidman
 
Unit 3_detailed_automotiving_mobiles.pptx
byVijaySasanM21IT
 
Las maravillas de Google App Engine
bycoto
 
Introduction to App Engine Development
byRon Reiter
 
API Design & Security in django
byTareque Hossain
 

Recently uploaded

PPTX
B2C TRAVEL BOOKING ENGINE | TRAVEL B2C ENGINE
byphilipnathen82
 
PPTX
𝐃𝐎𝐖𝐍𝐋𝐎𝐀𝐃-CapCut Pro Crack For PC Latest Version 2025-26
bychaudhryakashoo927
 
PPTX
CapCut Pro Crack 2025 Free Download {Fully Unlocked} .pptx
bychaudhryakashoo927
 
PPTX
Mobile App Development Company in Mumbai
byEmaginationz Technologies
 
PPTX
Budget-Friendly Facial Recognition Attendance System (Starts at 1SGD_Month).pptx
bymanchellamanasa36
 
PPTX
Internet Download Manager (IDM) Free key
byh12820234
 
PDF
Future-Proofing the PMO - Strategic Portfolio Management for 2026 and Beyond
byOnePlan Solutions
 
PDF
The Y Combinator, a Lightning Talk from GoLab 2025
byEleanor McHugh
 
PDF
Claude Code Best Practices _ Anthropic.pdf
byLolikana
 
PPTX
The Impact of AI on the Insurance Industry....pptx
byAnurag Mishra
 
PDF
API Testing Lessons from the Insurance Domain
byPeter Thomas
 
PPTX
Unit Testing and its contribution in the programming world.
bykejona5919
 
PPTX
Orion Context Broker introduction 20251007
byFermin Galan
 
PPTX
Digital_Divide_Brief_Presentation is good
byprofessorkayongo
 
PPTX
Empower Your Workforce with Remote Cloud PC Solutions
byvDesk.Works
 
PPTX
The Rise Of AI-Integrated Skill-Based Game Development In The UAE's Digital E...
byMaria Thomas
 
PDF
Devoxx Belgium 2025 - Making significant Software Architecture decisions
byBert Jan Schrijver
 
PDF
Bringing AI Agents to Life: GenAIOps in the Real World
byMaxim Salnikov
 
PDF
From Vulnerability to Victory: Mastering the CVE Lifecycle for Java Developers
byAnthony Dahanne
 
PDF
Beyond Ranking: Focus on Content and Query Understanding
byDaniel Tunkelang
 
B2C TRAVEL BOOKING ENGINE | TRAVEL B2C ENGINE
byphilipnathen82
 
𝐃𝐎𝐖𝐍𝐋𝐎𝐀𝐃-CapCut Pro Crack For PC Latest Version 2025-26
bychaudhryakashoo927
 
CapCut Pro Crack 2025 Free Download {Fully Unlocked} .pptx
bychaudhryakashoo927
 
Mobile App Development Company in Mumbai
byEmaginationz Technologies
 
Budget-Friendly Facial Recognition Attendance System (Starts at 1SGD_Month).pptx
bymanchellamanasa36
 
Internet Download Manager (IDM) Free key
byh12820234
 
Future-Proofing the PMO - Strategic Portfolio Management for 2026 and Beyond
byOnePlan Solutions
 
The Y Combinator, a Lightning Talk from GoLab 2025
byEleanor McHugh
 
Claude Code Best Practices _ Anthropic.pdf
byLolikana
 
The Impact of AI on the Insurance Industry....pptx
byAnurag Mishra
 
API Testing Lessons from the Insurance Domain
byPeter Thomas
 
Unit Testing and its contribution in the programming world.
bykejona5919
 
Orion Context Broker introduction 20251007
byFermin Galan
 
Digital_Divide_Brief_Presentation is good
byprofessorkayongo
 
Empower Your Workforce with Remote Cloud PC Solutions
byvDesk.Works
 
The Rise Of AI-Integrated Skill-Based Game Development In The UAE's Digital E...
byMaria Thomas
 
Devoxx Belgium 2025 - Making significant Software Architecture decisions
byBert Jan Schrijver
 
Bringing AI Agents to Life: GenAIOps in the Real World
byMaxim Salnikov
 
From Vulnerability to Victory: Mastering the CVE Lifecycle for Java Developers
byAnthony Dahanne
 
Beyond Ranking: Focus on Content and Query Understanding
byDaniel Tunkelang
 

Lessons Learned from Building a REST API on Google App Engine

  • 1.
    Lessons Learned fromBuilding a REST API on Google App Engine Jonathan Altman Presentation to GolangDC-October 29, 2015
  • 2.
    Whitenoise Market Webapp •White Noise by TMSoft (http://www.tmsoft.com/white-noise/) is the leading sleeping app for iOS,Android, Mac, and Windows • Customer wanted a way to: • Allow users to download additional content to the app • Create a vibrant community for users to interact with each other • Scale to the large demand of existing users
  • 4.
  • 5.
    Project • Build aRESTful API to drive Whitenoise Market’s web front-end • Angular SPA front end, also built as part of the project • User authentication with Google or Facebook account—OAuth2 • Role-based authorization • Implied: customer will use the API from a native mobile client as well • Golang on Google App Engine, leverage their APIs
  • 6.
    Sample Calls • GET/api/items — get all items • GET /api/item/item_id — get data about the item with id item_id
  • 7.
    GAE via Golang •Project was approx. 6 person/weeks 2nd 1/2 2014, including front end • Customer specification based on their research • Inherited solid proof of concept app, but no firm API • GAE golang support was still beta, long term support indeterminate • Actual GAE API usage calls: outside the scope of this talk (but see https://cloud.google.com/appengine/docs/go/)
  • 8.
    Issues • Package management •Routing • REST response formulation/error logging • OAuth2 support for providers other than Google • Authorization • Miscellaneous
  • 9.
    Package Management • goappget not go get • Not building an exe locally, packages need to be in source tree uploaded to GAE - feels weird compared to golang philosophy
  • 10.
    Routing — GAEhas choices • Prefix hostname with module — exposing internals • Dispatch file: dispatch.yaml — 10 routing rules max • Roll your own — just start matching URLs in the main dispatch handler in your golang code • or… • and remember: Google Cloud Endpoints were not yet a thing. Probably the way to go today
  • 11.
  • 12.
    3rd Party Router:Gorilla mux! • http://www.gorillatoolkit.org/pkg/mux • Gorilla web toolkit has a bunch of other nice parts • Other 3rd party router libraries probably work fine • Parameterization, method control • GAE takes care of a lot of other things Gorilla toolkit provides r.HandleFunc("/api/comments/{sid}",  handleGetComments).Methods("GET")
 r.HandleFunc(“/api/comments/{sid}",  aihttphelper.AuthenticatedEndpoint(HandleAddComment)).Methods("PUT")
  • 13.
    REST Status/Response Logging •Standard REST success and error responses • gorca — https://github.com/icub3d/gorca • gorca.LogAndMessage: Logs console message and returns short message plus status code • gorca.WriteJSON: succesful responses gorca.LogAndMessage(c,  w,  r,  err,  "error",  "not_authenticated",  http.StatusUnauthorized)   gorca.LogAndMessage(c,  w,  r,  err,  "error",  err.Error(),  http.StatusBadRequest)   gorca.WriteJSON(c,  w,  r,  map[string]interface{}{“status”:  "OK",  "tagAdded":  tagValue})  
  • 14.
    OAuth2 Support -gomniauth • GAE does OAuth2 authentication…only for Google • gomniauth does OAuth2 authentication for multiple providers, including google (https://github.com/stretchr/gomniauth) • jwt for HTTP Bearer Token — (https://github.com/dgrijalva/jwt-go) • Accepted pull request in gomniauth allows setting http Transport used because the GAE runtime replaces net/http’s DefaultTransport with a context-based one https://github.com/stretchr/gomniauth/pull/23)
  • 15.
    gomniauth Patch • Youhave to fetch a Transport with the current requests’ GAE context, and pass that to gomniauth before doing authentication • See https://github.com/jonathana/gomniauth/commit/ 3e2e23995b035e26bbd58a0f56cb2b2d61dbe993 for details/usage
  • 16.
    Authorization • Separate fromauthentication. What a user can do, once we know who the user is • Wrapper function shown before: • “Middleware” takes a target function with an extra argument beyond the normal HTTP request handler for the authenticated user information, and returns a normal HTTP handler function that does the authorization check and runs the target function if authorized • Factory functions encapsulated role info, but could pass in ACL data r.HandleFunc(“/api/comments/{sid}",  aihttphelper.AuthenticatedEndpoint(HandleAddComment)).Methods("PUT")
  • 17.
    Authorization Middlewaretype  AiHandlerFunc  func(appengine.Context,  http.ResponseWriter,  *http.Request,  *aitypes.AIUserInfo)   func  generateAuthenticatedEndpoint(h  AiHandlerFunc,  requiredRoles  aitypes.RoleValue)  http.HandlerFunc  {
   return  func(w  http.ResponseWriter,  r  *http.Request)  {
     c  :=  appengine.NewContext(r)
   
     authUser,  err  :=  AuthenticateRequest(c,  r)
     if  (err  !=  nil)  {
       gorca.LogAndFailed(c,  w,  r,  err)
       return
     }
     //  401  User  not  authenticated     if  (authUser  ==  nil)  {
       http.Error(w,  "",  http.StatusUnauthorized)
       return
     }
     //  403  User  not  authorized  (authenticated,  but  no  permission  to  resource)
     if  (requiredRoles  >  0  &&  !(hasRole(authUser,  requiredRoles))  {
       http.Error(w,  "",  http.StatusForbidden)
       return
     }
   
     //  User  is  authenticated  and  authorized
     h(c,  w,  r,  authUser)
   }
 }   func  AuthenticatedEndpoint(h  WnHandlerFunc)  http.HandlerFunc  {
   return  generateAuthenticatedEndpoint(h,  0)
 }
  • 18.
    Miscellaneous • Concurrency: ignoredas a premature optimization. Issues with urlfetch.Transport led to concern on runtime support/research time • GAE API deprecation: not golang specific, but several APIs in use were deprecated post-project and had to be replaced (blobstore) • GAE appears to be going to more of an a la carte model where existing components are replaced with general GCE equivalents • Google Cloud Endpoints were not available at the time
  • 19.
    Miscellaneous, cont. • You’llbe playing with the JSON serialization properties. Javascript<- >go naming rules mismatch: nobody wants Javascript properties to begin with capital letters. Also, I tend to prefer map[string]interface{} over defined structs where I can • Using appengine.Context. You will need to, almost everywhere, whether it’s for working with datastore, making outbound http requests, or logging via its .Infof() call
  • 20.