Stay organized with collections
Save and categorize content based on your preferences.
APIs-Google user agent
APIs-Google is the user agent used by Google APIs to deliver push notification messages.
Application developers can request these notifications to avoid the need for continually
polling Google's servers to find out if the resources they are interested in have changed.
To make sure nobody abuses this service, Google requires developers to prove that they own
the domain before allowing them to register a URL with a domain as the location where they
want to receive messages.
How APIs-Google accesses your site
APIs-Google sends each push notification using an HTTPS POST request. If the request fails due
to an error condition that might be temporary, APIs-Google will resend the notification. If
the request still doesn't succeed, it will continue to retry—based on an exponential backoff
schedule—up to a maximum of several days.
The rate at which APIs-Google accesses your site varies by how many push notification requests
were created for servers on your site, by how fast the monitored resources are getting
updated, and by the number of retries occurring. As a result, the APIs-Google traffic patterns
can be consistent in some scenarios, but in other scenarios the traffic can be sporadic or
spiky.
Prepare your site for APIs-Google
APIs-Google uses HTTPS to deliver push notifications, so it requires your site to have a valid
SSL certificate. Invalid certificates include the following:
Self-signed certificates.
Certificates signed by an untrusted source.
Certificates that have been revoked.
Avoid unnecessary retry requests by ensuring that your application is well-designed and
responds promptly to notification messages (within seconds).
Prevent APIs-Google from calling your site
To prevent APIs-Google from calling your site, do one of the following:
Unregister for notifications. If you administer a domain that has
subdomains or URL subspaces that are owned or administered separately, one of the subdomain
owners may have set up an application that uses push notifications. If you want to block
APIs-Google, contact anyone who might have set up an application like this and ask them to
disable it.
Use robots.txt. The user agent to specify in the robots.txt file is
APIs-Google - APIs-Google does not follow rules for the Googlebot user agent.
There may be a small delay before APIs-Google discovers your robots.txt file change. If
APIs-Google continues to send messages to your site several days after you've blocked it in
robots.txt, check that the robots.txt is in the correct location.
Verify the caller
If you suspect that you are receiving spoofed requests, you can
verify that a bot accessing your server really is calling from google.com.
Search your logs for any IP addresses identifying themselves as the
APIs-Google user agent; a reverse DNS lookup shows the googlebot.com or
google.com domain.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-02-04 UTC."],[[["\u003cp\u003eAPIs-Google is a user agent utilized by Google APIs to deliver push notifications, allowing developers to receive updates without continuous server polling.\u003c/p\u003e\n"],["\u003cp\u003eAPIs-Google accesses websites using HTTPS POST requests for notifications, employing retries with exponential backoff for failed deliveries, leading to varied traffic patterns.\u003c/p\u003e\n"],["\u003cp\u003eWebsites must possess a valid SSL certificate to receive notifications and should be optimized for prompt responses to minimize unnecessary retry attempts by APIs-Google.\u003c/p\u003e\n"],["\u003cp\u003eTo prevent APIs-Google access, website owners can unregister for notifications or utilize robots.txt to block the user agent.\u003c/p\u003e\n"],["\u003cp\u003eSpoofed requests can be identified by verifying the caller's IP address through reverse DNS lookup to confirm association with googlebot.com or google.com.\u003c/p\u003e\n"]]],["APIs-Google is Google's user agent for push notifications, delivering messages via HTTPS POST requests. Developers must verify domain ownership to use this service. APIs-Google retries failed requests with exponential backoff and can create sporadic traffic. Sites need valid SSL certificates, and apps should respond quickly to avoid retries. To block APIs-Google, unregister notifications or use `APIs-Google` in robots.txt. Spoofed requests can be identified by verifying IP addresses against googlebot.com or google.com domains.\n"],null,["APIs-Google user agent\n\n\nAPIs-Google is the user agent used by Google APIs to deliver push notification messages.\nApplication developers can request these notifications to avoid the need for continually\npolling Google's servers to find out if the resources they are interested in have changed.\nTo make sure nobody abuses this service, Google requires developers to prove that they own\nthe domain before allowing them to register a URL with a domain as the location where they\nwant to receive messages.\n\nHow APIs-Google accesses your site\n\n\nAPIs-Google sends each push notification using an HTTPS POST request. If the request fails due\nto an error condition that might be temporary, APIs-Google will resend the notification. If\nthe request still doesn't succeed, it will continue to retry---based on an exponential backoff\nschedule---up to a maximum of several days.\n\n\nThe rate at which APIs-Google accesses your site varies by how many push notification requests\nwere created for servers on your site, by how fast the monitored resources are getting\nupdated, and by the number of retries occurring. As a result, the APIs-Google traffic patterns\ncan be consistent in some scenarios, but in other scenarios the traffic can be sporadic or\nspiky.\n\nPrepare your site for APIs-Google\n\n\nAPIs-Google uses HTTPS to deliver push notifications, so it requires your site to have a valid\nSSL certificate. **Invalid** certificates include the following:\n\n- Self-signed certificates.\n- Certificates signed by an untrusted source.\n- Certificates that have been revoked.\n\n\nAvoid unnecessary retry requests by ensuring that your application is well-designed and\nresponds promptly to notification messages (within seconds).\n\nPrevent APIs-Google from calling your site\n\n\nTo prevent APIs-Google from calling your site, do one of the following:\n\n- **Unregister for notifications.** If you administer a domain that has subdomains or URL subspaces that are owned or administered separately, one of the subdomain owners may have set up an application that uses push notifications. If you want to block APIs-Google, contact anyone who might have set up an application like this and ask them to disable it.\n- **Use robots.txt.** The user agent to specify in the robots.txt file is `APIs-Google` - `APIs-Google` does not follow rules for the Googlebot user agent. There may be a small delay before `APIs-Google` discovers your robots.txt file change. If `APIs-Google` continues to send messages to your site several days after you've blocked it in robots.txt, check that the robots.txt is in the correct location.\n\nVerify the caller\n\n\nIf you suspect that you are receiving spoofed requests, you can\n[verify that a bot accessing your server really is calling from google.com](/search/docs/crawling-indexing/verifying-googlebot).\nSearch your logs for any IP addresses identifying themselves as the\n`APIs-Google` user agent; a reverse DNS lookup shows the googlebot.com or\ngoogle.com domain."]]
