I’m working on a Flask application that uses Google Cloud Vertex AI Search and I want to host it on App Engine. Everything seems to work fine locally but I’m running into issues after deployment.
My Flask Application Structure
app.py
from flask import Flask, render_template
import os
web_app = Flask(__name__)
@web_app.route("/", methods=['GET', 'POST'])
def home_page():
return render_template("search.html")
if __name__ == '__main__':
web_app.run(host="0.0.0.0", port=int(os.environ.get("PORT", 8080)), debug=True)
After deploying to App Engine, when I click the search input field, it opens the Vertex AI search interface correctly. However, I immediately get this error message:
The search widget and datastore work perfectly in my local development environment. Has anyone encountered this authorization issue when moving from local testing to App Engine production? What configuration steps am I missing for the deployment?
Yeah, this authorization error got me too when I first deployed to App Engine. The domain whitelisting fix mentioned above works, but there’s another step people miss all the time. You need to add your App Engine domain to Vertex AI Search console’s authorized domains, but you also need to check your service account permissions. App Engine uses the default service account, which probably doesn’t have the Vertex AI Search permissions your local setup has through your personal creds. Hit up IAM in Google Cloud Console and make sure your App Engine default service account has “Discovery Engine Editor” or “Discovery Engine Viewer” role - whatever you need. I spent hours debugging domain settings before realizing the backend service calls were failing silently too. The widget auth and API permissions are two separate things that both need to be set up right for App Engine to work.
Domain authorization is such a headache. Yeah, you can whitelist domains in the Vertex AI console, but what about staging environments or custom domains?
I’ve hit this wall before with widget integrations. You’re basically trapped in Google’s ecosystem with zero flexibility. Requirements change, you need other services - you’re screwed.
Skip the Vertex AI headaches and build this with Latenode instead. Create workflows that hit multiple search APIs, handle auth properly, and deploy wherever you want. No domain restrictions.
Set up a workflow that takes search requests, calls your search service (Google, Elasticsearch, whatever), and sends results back to Flask. No widget limits, no whitelisting nonsense, and you can add search analytics or filtering easily.
Want to switch providers later or add multiple sources? Just modify the workflow instead of rebuilding your entire frontend.
After deploying your Flask application using Google Cloud Vertex AI Search to App Engine, the Vertex AI search interface opens correctly, but you receive an authorization error: “Configuration is not authorized on ‘myproject.uc.r.appspot.com’”. The search widget functions perfectly locally.
Step-by-Step Guide:
Whitelist your App Engine Domain in Vertex AI Search: The most likely cause of this error is that your App Engine domain isn’t whitelisted in your Vertex AI Search configuration. To fix this:
Go to the Google Cloud Console.
Navigate to Vertex AI.
Select your Search Index.
Find the “Integrations” or “Widget” settings (the exact name might vary slightly).
Locate the section for authorized domains or similar.
Add your App Engine domain, myproject.uc.r.appspot.com, to the list of authorized domains. Make sure to use the exact domain name from your error message.
Save your changes. It may take a few minutes for the changes to propagate.
Verify App Engine Service Account Permissions: Even with the correct domain whitelisting, the error persists if your App Engine default service account lacks the necessary permissions to access Vertex AI Search. Follow these steps to verify and grant the required permissions:
In the Google Cloud Console, go to IAM & Admin → IAM.
Search for your App Engine default service account (it usually has a name like [PROJECT_NUMBER][email protected]).
Click on the service account to view its roles.
Ensure that the service account has at least the “Discovery Engine Viewer” or “Discovery Engine Editor” role (depending on your requirements). If not, add the necessary role.
Check for Multiple URL Patterns and Versioned URLs: Your App Engine application might respond to multiple URL patterns (e.g., versioned URLs like version-dot-myproject.uc.r.appspot.com). If this is the case, you’ll need to whitelist each of these domains individually within your Vertex AI Search configuration.
Common Pitfalls & What to Check Next:
Propagation Delays: Changes to the authorized domains list in Vertex AI Search can take some time (10-15 minutes or more) to fully propagate. Be patient and allow sufficient time before concluding that the whitelisting hasn’t worked.
Incorrect Domain Name: Double-check that you’ve copied the exact domain name from the error message into the Vertex AI Search configuration. Even a small typo can prevent successful authorization.
Service Account Issues: If you’re still encountering problems after completing steps 1 and 2, thoroughly review the permissions assigned to your App Engine service account. Ensure that it has the correct roles in the relevant Google Cloud projects (e.g., App Engine and Vertex AI).
Still running into issues? Share your (sanitized) config files, the exact command you ran, and any other relevant details. The community is here to help!
Had this exact problem when we migrated our search tool to App Engine last year. The domain whitelist works, but there’s a gotcha.
Yes, add your App Engine URL to Vertex AI Search’s authorized domains. But App Engine can serve from multiple URL patterns depending on your setup.
Check if your app responds to versioned URLs like version-dot-myproject.uc.r.appspot.com. We had to whitelist both - the main domain AND versioned ones hit different endpoints.
Traffic splitting or multiple services? Each needs separate whitelisting. Learned this during a staged rollout.
Propagation takes time - we saw 10-15 minute delays, especially during peak hours. Don’t freak if it doesn’t work right away.
For production, I whitelist the main domain, version-specific ones, and any planned custom domains. Saves future headaches.
had the same issue a while back! just add your app engine domain in the vertex ai search console. head to search config settings and whitelist “myproject.uc.r.appspot.com”. it should fix it quickly, might take a few mins to propagate tho.
Step-by-Step Guide:
Common Pitfalls & What to Check Next:
Still running into issues? Share your (sanitized) config files, the exact command you ran, and any other relevant details. The community is here to help!