Authenticating requests in AMP for Email

Dynamic personalized email content often requires authenticating the user. However, to protect user data all HTTP requests made from inside AMP emails within Gmail are proxied and stripped of cookies.

To authenticate requests made from AMP emails, you may use access tokens.

Access tokens

You can use access tokens to authenticate the user. Access tokens are supplied and checked by the email sender. The sender uses the tokens to ensure that only those with access to the AMP email can make the requests contained within that email. Access tokens must be cryptographically secure and time- and scope-limited. They are included within the URL of the request.

This example demonstrates using <amp-list> to display authenticated data:

<amp-list src=""
  <template type="amp-mustache">

Similarly when using <amp-form>, place your access token in the action-xhr URL.

<form action-xhr="" method="post">
  <input type="text" name="data">
  <input type="submit" value="Send">


The following example considers a hypothetical note-taking service that lets logged-in users to add notes to their account and view them later. The service wants to send an email to a user,, that includes a list of notes they previously took. The list of the current user's notes is available at the endpoint in JSON format.

Before sending the email, the service generates a cryptographically secure limited-use access token for A3a4roX9x. The access token is included in the field name exampletoken inside the URL query:

<amp-list src="" height="300">
  <template type="amp-mustache">

The endpoint is responsible for validating the exampletoken parameter and finding the user associated with the token.

For more information, see Limited use access tokens.