Azure Functions HTTP triggers and bindings overview

Azure Functions may be invoked via HTTP requests to build serverless APIs and respond to webhooks.

Action Type
Run a function from an HTTP request Trigger
Return an HTTP response from a function Output binding

Install extension

The extension NuGet package you install depends on the C# mode you're using in your function app:

Functions execute in the same process as the Functions host. To learn more, see Develop C# class library functions using Azure Functions.

The functionality of the extension varies depending on the extension version:

Add the extension to your project by installing the NuGet package, version 3.x.

Install bundle

Starting with Functions version 2.x, the HTTP extension is part of an extension bundle, which is specified in your host.json project file. To learn more, see extension bundle.

This version of the extension should already be available to your function app with extension bundle, version 2.x.

host.json settings

This section describes the configuration settings available for this binding in versions 2.x and higher. Settings in the host.json file apply to all functions in a function app instance. The example host.json file below contains only the version 2.x+ settings for this binding. For more information about function app configuration settings in versions 2.x and later versions, see host.json reference for Azure Functions.

Note

For a reference of host.json in Functions 1.x, see host.json reference for Azure Functions 1.x.

{
    "extensions": {
        "http": {
            "routePrefix": "api",
            "maxOutstandingRequests": 200,
            "maxConcurrentRequests": 100,
            "dynamicThrottlesEnabled": true,
            "hsts": {
                "isEnabled": true,
                "maxAge": "10"
            },
            "customHeaders": {
                "X-Content-Type-Options": "nosniff"
            }
        }
    }
}
Property Default Description
customHeaders none Allows you to set custom headers in the HTTP response. The previous example adds the X-Content-Type-Options header to the response to avoid content type sniffing.
dynamicThrottlesEnabled true* When enabled, this setting causes the request processing pipeline to periodically check system performance counters like connections/threads/processes/memory/cpu/etc and if any of those counters are over a built-in high threshold (80%), requests will be rejected with a 429 "Too Busy" response until the counter(s) return to normal levels.
*The default in a Consumption plan is true. The default in a Dedicated plan is false.
hsts not enabled When isEnabled is set to true, the HTTP Strict Transport Security (HSTS) behavior of .NET Core is enforced, as defined in the HstsOptions class. The above example also sets the maxAge property to 10 days. Supported properties of hsts are:
PropertyDescription
excludedHostsA string array of host names for which the HSTS header isn't added.
includeSubDomainsBoolean value that indicates whether the includeSubDomain parameter of the Strict-Transport-Security header is enabled.
maxAgeString that defines the max-age parameter of the Strict-Transport-Security header.
preloadBoolean that indicates whether the preload parameter of the Strict-Transport-Security header is enabled.
maxConcurrentRequests 100* The maximum number of HTTP functions that are executed in parallel. This value allows you to control concurrency, which can help manage resource utilization. For example, you might have an HTTP function that uses a large number of system resources (memory/cpu/sockets) such that it causes issues when concurrency is too high. Or you might have a function that makes outbound requests to a third-party service, and those calls need to be rate limited. In these cases, applying a throttle here can help.
*The default for a Consumption plan is 100. The default for a Dedicated plan is unbounded (-1).
maxOutstandingRequests 200* The maximum number of outstanding requests that are held at any given time. This limit includes requests that are queued but have not started executing, as well as any in progress executions. Any incoming requests over this limit are rejected with a 429 "Too Busy" response. That allows callers to employ time-based retry strategies, and also helps you to control maximum request latencies. This only controls queuing that occurs within the script host execution path. Other queues such as the ASP.NET request queue will still be in effect and unaffected by this setting.
*The default for a Consumption plan is 200. The default for a Dedicated plan is unbounded (-1).
routePrefix api The route prefix that applies to all routes. Use an empty string to remove the default prefix.

Next steps