How do I restrict Google App Engine Endpoints API access to only my Android applications?

Question

I am an Android developer building my first Google App Engine (java) back-end for my apps. I don\'t want anybody else to access this API other than my app. (I plan to use Ap

Answer 1

Facing the same problem, here are the result of my research :

• Added Android cliend id with SHA1 fingerprint in Google console
• Use of it in the API annotation

BUT :

• If i dont add user parameter to methods : the check about android app client id does not work

• If I add the USER parameter but do not ask the user to choose its google account to create the credential ... also it does not work ...

Conclusion : It seems to be mandatory to connect a user account for the check about the app client id to be executed ... I really do not understand why because no link exist between the 2 processes