My scenario:
I’ve got an AppsScript application running as user1 published as a Web App. In it I’ve implemented doGet().
I’ve got another Appscript application running as user2. I try to do a URLFetch on the published URL and get back a bunch of HTML indicating that the requestor needs to logon.
If I do the same URL fetch from the browser as ‘user2’, the doGet() is accessed perfectly and returns what I need.

It seems you can’t make get (or post – I tried both) HTTP requests between Appscript applications. N.B. Both users are on the same domain and as stated above, it works when user initiated from the browser. It’s like the user’s identity isn’t being passed from App to App.

This is a test case as I’m trying to work out the best way of moving data from one application to another. Google has the ContentService for returning data but I want to push data. Push is best for the architecture I’m considering as there will be several apps (10+) trying to push to the one app at any one time, so scaling is important. The ContentService lends itself to a polling approach which won’t scale if the one app, polls the other 10. Will get timeouts etc. Any tips re: such an architecture appreciated. The other option I’ve got is for the 10 apps to write directly to the ScriptDB attached to the main app. I don’t like this option because the only way to share a ScriptDB is at the project level and every app will be able to see everything in the ScriptDB and there will be no isolation of data at the app level. I realise I’m pushing the boundaries of what’s possible with Appscript and fully expect that as an answer, but with the new offerings in AppScript, Enterprise level customers are considering these approaches for lightweight apps.