When we create End Point, it has external address to access it. So, if I try to call it from another End Point it will use some traffic.
I want to create End Point available from outside (Api), and another end point for accessing to datastorage. Second End Point shouldn't have external access, and could be called only inside App Engine from another applications (first service with external address). Just for security and minimization traffic.
So, is it possible to create End Point that available only for another End point and applications from Container Engine? Or i should do it in another way?
I find your question rather vague. Are you trying to access one endpoint from within the same app engine application? You could extract the endpoint code into a static method and call that method. There's no good reason to use endpoints for such a scenario.
If you try to access your endpoint from another App Engine application: Cloud Endpoints are public by default. If you restrict the access things like the Google JavaScript client won't work anymore because you'll block the proper discovery of your endpoints. You can restrict access to your endpoints by injecting the HttpServletRequest into your endpoint @ApiMethod and filter by the requester's IP or a custom header. You could also inject the User object into your endpoint method and do a service account oauth authentication to access your endpoint from another app engine instance or project.
Hope this helps
Local access to AppEngine's datastore is possible through: JPA, JDO, the low level API (https://cloud.google.com/appengine/docs/java/datastore/) If you need a wrapper, i'm using Objectify in all my projects, but there's also slim3 (see link).