HTTP bindings for Azure Functions

On this page Overview HTTP Trigger HTTP Input binding HTTP Output binding Samples Best practices

Overview

HTTP bindings let Azure Functions expose a RESTful endpoint or call external HTTP services. The same function can act as an HTTP trigger, an HTTP input binding, and an HTTP output binding.

Trigger: Defines how the function is invoked via an HTTP request.
Input: Provides request data (e.g., query string, headers, body) as parameters.
Output: Generates the HTTP response returned to the caller.

HTTP Trigger

Add an httpTrigger binding in function.json to make the function reachable via HTTP.

{
  "bindings": [
    {
      "authLevel": "function",
      "type": "httpTrigger",
      "direction": "in",
      "name": "req",
      "methods": [ "get", "post" ],
      "route": "items/{id?}"
    },
    {
      "type": "http",
      "direction": "out",
      "name": "res"
    }
  ]
}

HTTP Input binding

You can bind request details directly to function parameters.

public static async Task Run(
    [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    string name = req.Query["name"];
    string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
    // ...
}

HTTP Output binding

Return an IActionResult (C#), HttpResponseMessage (JS), or equivalent to send a response.

JavaScript

return new OkObjectResult(new { message = "Success", id = 123 });

context.res = {
    status: 200,
    body: { message: "Success", id: 123 },
    headers: {
        "Content-Type": "application/json"
    }
};
context.done();

Samples

Below are quick-start samples for common scenarios.

GET endpoint

POST endpoint

// GET /api/todo/{id}
public static IActionResult GetTodo(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "todo/{id}")] HttpRequest req,
    int id,
    ILogger log)
{
    var todo = TodoRepository.Get(id);
    return todo != null ? (IActionResult)new OkObjectResult(todo) : new NotFoundResult();
}

// POST /api/todo
public static async Task CreateTodo(
    [HttpTrigger(AuthorizationLevel.Function, "post", Route = "todo")] HttpRequest req,
    ILogger log)
{
    var data = await new StreamReader(req.Body).ReadToEndAsync();
    var todo = JsonConvert.DeserializeObject(data);
    TodoRepository.Add(todo);
    return new CreatedResult($"/api/todo/{todo.Id}", todo);
}

Best practices

Use AuthorizationLevel.Function for internal APIs and Anonymous only for public endpoints.
Validate all request data and return proper status codes (400, 401, 404, 500, etc.).
Leverage ILogger to log request IDs for traceability.
Prefer binding to POCO models instead of raw strings when possible.
Set appropriate Cache-Control and CORS headers in the response.