diff --git a/appengine/standard/endpoints-frameworks-v2/echo/README.md b/appengine/standard/endpoints-frameworks-v2/echo/README.md
index 12e6ddb4282..d8519f307f5 100644
--- a/appengine/standard/endpoints-frameworks-v2/echo/README.md
+++ b/appengine/standard/endpoints-frameworks-v2/echo/README.md
@@ -23,7 +23,15 @@ In your web browser, go to the following address: http://localhost:8080/\_ah/api
 
 ## Deploying to Google App Engine
 
-Deploy the sample using `gcloud`:
+Generate a swagger file by running: `python lib/endpoints/endpointscfg.py get_swagger_spec main.EchoApi --hostname your-service.appspot.com`
+
+To set up OAuth2, replace `your-oauth-client-id.com` under `audiences` in the annotation for `get_user_email` with your OAuth2 client ID. If you want to use Google OAuth2 Playground, use `407408718192.apps.googleusercontent.com` as your audience. To generate a JWT, go to the following address: `https://developers.google.com/oauthplayground`.
+
+Deploy the generated swagger spec to Google Cloud Service Management: `gcloud alpha service-management deploy echo-v1_swagger.json`
+
+Open the `app.yaml` file and in the `env_variables` section, replace `your-service.appspot.com` with your service name, and `2016-08-01r0` with your uploaded service management configuration.
+
+Then, deploy the sample using `gcloud`:
 
     $ gcloud beta app deploy
 
diff --git a/appengine/standard/endpoints-frameworks-v2/echo/app.yaml b/appengine/standard/endpoints-frameworks-v2/echo/app.yaml
index 1a2d33ebb29..688df0ad9d4 100644
--- a/appengine/standard/endpoints-frameworks-v2/echo/app.yaml
+++ b/appengine/standard/endpoints-frameworks-v2/echo/app.yaml
@@ -22,3 +22,9 @@ libraries:
   version: 2.6
 - name: ssl
   version: 2.7.11
+
+env_variables:
+  # Replace with your endpoints service name.
+  ENDPOINTS_SERVICE_NAME: your-service.appspot.com
+  # Replace with the version Id of your uploaded Endpoints service.
+  ENDPOINTS_SERVICE_VERSION: 2016-08-01r0
diff --git a/appengine/standard/endpoints-frameworks-v2/echo/main.py b/appengine/standard/endpoints-frameworks-v2/echo/main.py
index 2348e1f6edc..b4d3dad6eb9 100644
--- a/appengine/standard/endpoints-frameworks-v2/echo/main.py
+++ b/appengine/standard/endpoints-frameworks-v2/echo/main.py
@@ -53,7 +53,9 @@ def echo(self, request):
         path='echo/getUserEmail',
         http_method='GET',
         # Require auth tokens to have the following scopes to access this API.
-        scopes=[endpoints.EMAIL_SCOPE])
+        scopes=[endpoints.EMAIL_SCOPE],
+        # OAuth2 audiences allowed in incoming tokens.
+        audiences=['your-oauth-client-id.com'])
     def get_user_email(self, request):
         user = endpoints.get_current_user()
         # If there's no user defined, the request was unauthenticated, so we