Hey Yair, The less secure way to allow your Android client to query your Datastore would be to directly allow the client access using the Datastore Client Library <https://cloud.google.com/datastore/docs/reference/libraries#client-libraries-install-java>. By using the Client Library directly in the client, you are trusting that the client will never be tampered with and that they will never perform any action that could harm your Datastore data.
Therefore as previously recommended, it is more secure to limit the requests your Android client is able to perform by creating your own API with set Datastore queries <https://cloud.google.com/appengine/docs/java/datastore/queries> that your App Engine instances make via Endpoints <https://cloud.google.com/endpoints/docs/frameworks/java/quickstart-frameworks-java>. By adding this layer, your Android clients simply make requests to your custom APIs running from App Engine instead of having direct access to the entire Datastore Client Library. For more information on how to make requests to your custom Endpoints from Android clients, you can view our Calling Endpoints tutorial <https://cloud.google.com/appengine/docs/java/endpoints/calling-from-android> . -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/1071c32a-7c06-4c89-92d9-e1f51707b4e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
