ment variable to `true`, then create an :class:`AuthorizedHttp` instance and specify the endpoints:: regular_endpoint = 'https://pubsub.googleapis.com/v1/projects/{my_project_id}/topics' mtls_endpoint = 'https://pubsub.mtls.googleapis.com/v1/projects/{my_project_id}/topics' authed_http = AuthorizedHttp(credentials) Now we can pass a callback to :meth:`configure_mtls_channel`:: def my_cert_callback(): # some code to load client cert bytes and private key bytes, both in # PEM format. some_code_to_load_client_cert_and_key() if loaded: return cert, key raise MyClientCertFailureException() # Always call configure_mtls_channel within a try/except block. try: is_mtls = authed_http.configure_mtls_channel(my_cert_callback) except: # handle exceptions. if is_mtls: response = authed_http.request('GET', mtls_endpoint) else: response = authed_http.request('GET', regular_endpoint) You can alternatively use application default SSL credentials like this:: try: is_mtls = authed_http.configure_mtls_channel() except: # handle exceptions. Args: credentials (google.auth.credentials.Credentials): The credentials to add to the request. http (urllib3.PoolManager): The underlying HTTP object to use to make requests. If not specified, a :class:`urllib3.PoolManager` instance will be constructed with sane defaults. refresh_status_codes (Sequence[int]): Which HTTP status codes indicate that credentials should be refreshed and the request should be retried. max_refresh_attempts (int): The maximum number of times to attempt to refresh the credentials and retry the request. default_host (Optional[str]): A host like "pubsub.googleapis.com". This is used when a self-signed JWT is created from service account credentials. Nc