App Engine Admin API

Name: App Engine Admin API API
Brand: App Engine Admin API
Availability: InStock

✓ Official Vendor SpecCloud InfrastructureServerlessoauth243 EndpointsREST

For Agents

Provision App Engine apps, deploy versions, split traffic across services, and manage domains, certificates, and firewall rules. Useful for agents managing serverless deploys on App Engine.

Quickstart

Get started with App Engine Admin API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"split app engine traffic between two versions"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with App Engine Admin API API.

Create App Engine applications and configure default settings

Deploy new versions and migrate traffic between them

Split traffic between versions for canary or A/B rollouts

Attach authorized SSL certificates to custom domains

Configure firewall ingress rules at the application level

GET STARTED

Start building with App Engine Admin API API

Explore with Jentic

View OpenAPI Document

Use Cases

Patterns agents use App Engine Admin API API for, with concrete tasks.

★ Canary and traffic splitting

Engineering deploys a new version, sends 5 percent of traffic to it, monitors errors, then steps the split up to 25, 50, and finally 100 percent. The traffic split endpoint takes a map of version IDs to fractions, so the agent ratchets the rollout in scripted steps rather than redeploying each time.

Patch service 'orders' under app 'my-app' with traffic split {v41: 0.9, v42: 0.1} and confirm via the returned operation.

Custom domain and SSL automation

Teams map custom domains to App Engine services and rotate managed SSL certificates without leaving CI. Authorized domains, domain mappings, and authorized certificates are first-class resources, so cert renewal pipelines target the API rather than scripting console clicks.

Create a domain mapping for orders.example.com on app 'my-app' bound to authorized certificate certs/cert-123.

Ingress firewall hardening

Security tightens public exposure by adding deny-by-default firewall rules and explicit allow rules for known IP ranges. The firewall ingress rules endpoints accept ordered priority entries so policy changes are auditable through Git rather than ad-hoc.

Create an ingress rule with priority 1000 on app 'my-app' denying 198.51.100.0/24 and confirm by listing rules.

AI agent deploy operator via Jentic

An AI agent acting as a deploy operator handles routine version migrations and cert renewals by calling Jentic-mediated App Engine operations. The agent never holds the project's service account JSON; Jentic vaults it and supplies short-lived scoped tokens.

On a Slack request 'roll out v42 to 100%', step traffic split from 10 to 50 to 100 percent on the orders service over 10 minutes and post each step in Slack.

Key Endpoints

43 endpoints — the app engine admin api provisions and manages developers' app engine applications.

METHOD

PATH

DESCRIPTION

POST

/v1/apps

Create an App Engine application

GET

/v1/apps/{appsId}

Get an App Engine application

GET

/v1/apps/{appsId}/authorizedCertificates

List authorized SSL certificates

GET

/v1/apps/{appsId}/authorizedDomains

List authorized domains

GET

/v1/apps/{appsId}/domainMappings

List custom domain mappings

GET

/v1/apps/{appsId}/firewall/ingressRules

List firewall ingress rules

DELETE

/v1/apps/{appsId}/authorizedCertificates/{authorizedCertificatesId}

Delete an authorized certificate

POST

/v1/apps

Create an App Engine application

GET

/v1/apps/{appsId}

Get an App Engine application

GET

/v1/apps/{appsId}/authorizedCertificates

List authorized SSL certificates

GET

/v1/apps/{appsId}/authorizedDomains

List authorized domains

GET

/v1/apps/{appsId}/domainMappings

List custom domain mappings

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Google Cloud service account credentials are stored encrypted in the Jentic vault. Agents call App Engine Admin operations through Jentic with scoped access tokens; the JSON key never enters the agent context.

Intent-based discovery

Agents search Jentic with phrases like 'split app engine traffic' or 'add domain mapping' and Jentic returns the matching admin operation with its input schema, so the agent does not need the gcloud CLI or the full Cloud reference.

Time to first call

Direct integration: 1-3 days for IAM, gcloud setup, and operation polling. Through Jentic: under one hour to start running deploys, traffic splits, and domain mappings.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

API Gateway API

Fronts App Engine services with auth, quotas, and an OpenAPI contract.

Use App Engine for the backend; use API Gateway when you want a managed public API surface in front of it.

Complementary

App Hub API

Catalogs apps and the services (including App Engine services) that compose them.

Use App Engine to run the workload; use App Hub to register the application and its services for fleet-wide visibility.

Complementary

API Keys API

Provisions scoped API keys consumed by App Engine outbound calls.

Use App Engine for the runtime; use API Keys to mint and rotate the credentials those services use to call other Google APIs.

FAQs

Specific to using App Engine Admin API API through Jentic.

What authentication does the App Engine Admin API use?

OAuth 2.0 with Google Cloud credentials. Through Jentic the credentials are vaulted and exchanged for scoped access tokens at runtime.

Can I split traffic across versions with this API?

Yes. Patch the service resource with a traffic split that maps version IDs to fractional weights, with shardBy controlling stickiness. The returned operation completes when the new split is fully applied.

What are the rate limits for the App Engine Admin API?

Standard Google Cloud per-project per-minute quotas apply. Deploy and traffic operations are long-running; quota is consumed at issuance, not while polling the operation, so repeated polling is safe.

How do I migrate traffic to a new version through Jentic?

Search Jentic for 'app engine traffic split', load the schema for the services patch operation, and execute it with the service name and a split map (e.g. {v42: 1.0}). Jentic returns the operation handle for polling until the migration completes.

Is the App Engine Admin API free?

Management calls are free. App Engine itself bills for instance hours, requests, and outbound traffic according to App Engine pricing.

How do I add a custom domain with managed SSL?

Add the domain to authorizedDomains, create an authorizedCertificate (or use a managed certificate), then create a domainMapping bound to that certificate. The mapping returns the DNS records you must add at your registrar.