Invoke an HTTP function with HTTP requests - Function Compute

Function Compute supports HTTP triggers. Functions configured with HTTP triggers can be invoked by HTTP requests. The functions receive and process the HTTP requests, and then return responses to callers. This topic describes how to configure an HTTP trigger that invokes a function with HTTP requests in the Function Compute console.

Prerequisites

A function is created. For more information, see the "Create a function" section of the Create an event function topic.

Step 1: Create a trigger

Log on to the Function Compute console. In the left-side navigation pane, click Functions.
In the top navigation bar, select a region. On the Functions page, click the function that you want to manage.
On the function details page, click the Configurations tab. In the left-side navigation pane, click Triggers. Then, click Create Trigger.

In the Create Trigger panel, configure the parameters and click OK.

Parameter	Description	Example
Trigger Type	The type of the trigger that you want to create. Select HTTP Trigger.	HTTP Trigger
Name	The name of the HTTP trigger.	http-trigger
Version or Alias	The version or alias of the function for which you want to create the HTTP trigger. The default value is LATEST. If you want to create an HTTP trigger for another version or alias, select the version or alias from the Version or Alias drop-down list. For more information about versions and aliases, see Manage versions and Manage aliases.	LATEST
Request Methods	The methods that can be used to trigger the HTTP trigger.	GET, POST, PUT, DELETE
Disable Internet URL	Specifies whether to allow access to the HTTP trigger by using a public endpoint. By default, this parameter is set to No. If you select Yes, no default public endpoint is provided for the HTTP trigger. In this case, the `access denied due to function internet URL is disable` error is reported if you use a public endpoint to invoke the function. You can invoke the function by using a custom domain name.	No
Authentication Method	The method that is used to authenticate HTTP requests. Value values: No Authentication: Function Compute supports anonymous access to the function and does not authenticate HTTP requests. All users can invoke the function by using HTTP requests. Signature Authentication: Identity authentication is required for HTTP requests. For more information about the sample code for signature authentication, see the "Access the URL of an HTTP trigger by using a signature in a request" section of the Configure signature authentication for HTTP triggers topic. JWT Authentication: Function Compute authenticates HTTP requests based on JSON Web Tokens (JWTs). For more information, see Configure JWT authentication for an HTTP trigger.	No Authentication

After the HTTP trigger is created, you can modify some parameters, such as Version or Alias, Request Methods, Disable Internet URL, and Authentication Method, of the HTTP trigger based on your business requirements.

Step 2: Write and deploy code

After the HTTP trigger is created, you can write code for the function.

On the function details page, click the Code tab, edit the function code in the code editor, and then click Deploy. You can obtain sample code in various programming languages from User Guide > Code development in the Function Compute documentation.

Step 3: Test the function

Method 1: Test the function in the Function Compute console

On the Function Details page, click the Code tab.

Synchronous invocation
Click Test Function.
Asynchronous invocation
Click the icon next to Test Function, select Async Invocation, and then click Test Function.

After the test is complete, view the test result on the Code tab.

Method 2: Use cURL to test the function

On the function details page, click the Configurations tab. In the left-side, click Triggers. In the configurations of the HTTP trigger, copy the public endpoint for subsequent tests:

Synchronous invocation
Run the following command. After the command is run, the result is returned.
```
curl -v https://http-***.cn-shenzhen.fcapp.run/$path
```
Sample command:
```
curl -v https://http-***.cn-shenzhen.fcapp.run/test
```
Asynchronous invocation
Run the following command. After the command is run, the result that indicates whether Function Compute receives the asynchronous invocation request is returned. If 202 is returned, the request was successful. If another status code is returned, a request error occurred. For more information about status codes, see the Troubleshooting section of this topic.
```
curl -v -H "X-Fc-Invocation-Type: Async" https://http-***.cn-shenzhen.fcapp.run/$path
```
Sample command:
```
curl -v -H "X-Fc-Invocation-Type: Async" https://http-***.cn-shenzhen.fcapp.run/test
```

(Not recommended) Method 3: Test the function in a browser

On the function details page, click the Configurations tab. In the left-side pane, click Triggers. In the configurations of the HTTP trigger, copy the public endpoint and paste the public endpoint in the address bar of a browser, and then press the Enter key.
After the test is complete, the browser returns the test result.

(Optional) Use API Gateway to protect functions

By default, Function Compute supports anonymous access to functions and does not authenticate HTTP requests. All users can invoke your functions by using HTTP requests. To prevent waste of resources and mitigate security risks caused by unauthorized access, you can enable identity authentication and connect your HTTP functions to API Gateway. You can use IP address-based access control plug-ins, JWT authentication plug-ins, or basic authentication plug-ins of API Gateway to protect your HTTP functions.

On the Functions page of the Function Compute console, find the function that you want to manage and click the function name. On the function details page, click the Configurations tab. In the left-side pane, click Triggers. Find the HTTP trigger that you want to manage and click Modify in the Actions column.
In the Modify Trigger panel, set the Disable Internet URL parameter to Yes.
Log on to the API Gateway console and switch to the region in which the HTTP function resides.
Create an API group and an API.
External applications can call the API that you created in a specific method to invokes the associated function. API groups are used to manage APIs based on unified security and traffic policies.
1. Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. On the API Groups page, click Create Group in the upper-right corner.
2. In the Create Group dialog box, select an instance from the Instances drop-down list, set the Group Name parameter to FC-Group and the BasePath parameter to /, and then click Confirm.
3. In the left-side navigation pane, choose Manage APIs > APIs. On the APIs page, click Create API. In the Basic Information step, configure the following parameters and click Next.
4. In the Define API Request step, set the Request Path parameter to /, use the default values for other parameters, and then click Next.
5. In the Define Backend Service step, set the Trigger Path parameter to the internal endpoint of the HTTP trigger, such as https://***-***.cn-hangzhou-vpc.fcapp.run, configure other parameters based on the following figure, and then click Next.
6. In the Define Response step, keep the default settings and click Create. After the API is created, find the API on the APIs page and click Publish in the Actions column.
Debug the API. You can debug the created API by using the online debugging tool provided by API Gateway. This helps troubleshoot and resolve the API issues before it is published and check whether the API can work as expected. If the API passes the debugging, the API is connected to Function Compute.
1. Log on to the API Gateway console. In the left-side navigation pane, choose Call APIs > Debug.
2. On the Debug API page, select the FC-test API that you created and click Send Request. The following figure shows the returned information indicating that the configuration is successful.
Create a backend signature plug-in. Set key and secret to the AccessKey ID and AccessKey secret of your Alibaba Cloud account. Then, bind the plug-in to the API that you created. For more information, see Overview.
Resolve your domain name to the second-level domain name provided by API Gateway by using CNAME.
1. Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. On the API Groups page, click the name of the API group that you created. On the page that appears, copy the public second-level domain name.
2. Log on to the Alibaba Cloud DNS console. Find your domain name and go to the details page of the domain name. On the details page, find the DNS record that you want to manage and click Modify in the Actions column.
  Note
  If you want to bind an independent domain name to an API group in a region inside the Chinese mainland, you must apply for an ICP filing in the Alibaba Cloud ICP Filing system for the domain name, or add Alibaba Cloud as a service provider to the ICP filing information of the domain name.
3. Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. On the API Groups page, click the name of the API group that you created. On the page that appears, find the Independent Domains section. In the Independent Domains section, click Bind Domain Name. In the Bind Domain Name dialog box, enter your domain name and click Confirm. The domain name is bound.

After you complete the preceding steps, you can access the HTTP function by using your own domain name. You can also create the following plug-ins and bind them to your API to protect your HTTP functions:

Troubleshooting

The following errors may occur when you send requests to invoke functions:

Request errors: A request error occurs if a request does not meet specific requirements. In this case, an HTTP status code 4xx is returned.
Function errors: A function error occurs when the function code is invalid. In this case, an HTTP status code 5xx is returned.

The following table describes the scenarios in which request errors and function errors may occur. You can troubleshoot errors based on error causes.

Error type	HTTP status code	Cause	Billable
Request error	400	Your request exceeds the limits on HTTP requests. For more information, see Overview.	No
	400	The request for a function that requires identity authentication does not contain the date information or authorization information.	No
	403	The signature of the request for a function that requires identity authentication is invalid, which indicates that the authorization information is invalid. The date information is used to calculate a signature, and the signature is valid only for 15 minutes. If you use an HTTP trigger that requires access authentication, the signature becomes invalid if the date information in the request header is generated over 15 minutes ago.	No
	403	Your request is sent by using a method that is not configured in the HTTP trigger. For example, if you send an HTTP request by using the POST method, but only the GET method is configured in the HTTP trigger, this error occurs.	No
	404	An HTTP request is sent to a function for which no HTTP trigger is configured.	No
User throttling error	429	Your traffic is throttled. You can reduce concurrent requests or contact the technical support of Function Compute to increase the concurrency settings.	No
Function error	502	The response of a function exceeds the limits on HTTP responses. For more information, see Overview.	Yes
	502	The code of a function has a syntax error or an exception.	Yes
	502	An HTTP request is sent to a function that does not use an HTTP handler function.	Yes
System error	500	A system error occurs in Function Compute. Try again.	No
System throttling error	503	System throttling is enabled for Function Compute. Try again in exponential backoff mode.	No

If the issue persists, join the DingTalk group (ID: 64970014484) of Function Compute for technical support.