Anonymous caller does not have storage.objects.get

1.Does BASIC Authorization Header work in Google HTTP API?

No, It is not working on Google APIs. You need to attach OAuth2.0 accessToken to Authorization Header as bearer token like Authorization: Bearer ${yourAccessToken}.

I have 2 recommendations to develop some application running on gae.

  1. Use ClientLibrary to call Google APIs.
  2. You can use AppEngineDefaultCredential to call Google APIs. Do not forget to set permissions to your AppEngineDefaultServiceAccount (${projectId} before issue your request. You can configure those permissions on IAM page in cloud console.

Also I recommend you to read this page about How to authenticate your api call.

If you want to grant public access, you can make data public.

But the best way is generate Signed Urls, this way you can grant limit time access to an object.