HTTP and webhooks

Accessing query string values in HTTP Triggers

When making HTTP requests, you have the ability of supplying additional parameters via a query string. These parameters can be retrieved to alter how the response is returned.

The following example appends two query string variables along with their associated values:


public static Task<HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Anonymous, "GET")]HttpRequestMessage req, TraceWriter log)
    log.Info("101 Azure Function Demo - Accessing the query string values in HTTP Triggers");

    // Retrieve query parameters
    IEnumerable<KeyValuePair<string, string>> values = req.GetQueryNameValuePairs();

    // Write query parameters to log
    foreach (KeyValuePair<string, string> val in values)
        log.Info($"Parameter: {val.Key}\nValue: {val.Value}\n");

    // return query parameters in response
    return Task.FromResult(req.CreateResponse(HttpStatusCode.OK, values));


  • Use the GetQueryNameValuePairs method of HttpRequestMessage to retrieve query string parameters
  • GetQueryNameValuePairs returns a list of KeyValuePairs<string, string>

Read more

Accessing the request body in HTTP Triggers

When making HTTP requests, you may need to pass on additional data via the body of the request. You can easily get access to content of the message body using HttpRequestMessage.

JSON body content

    "firstname" : "Scott",
    "isdisabled" : "true"

XML body content

<Customer xmlns="">
public static async Task<HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Anonymous, "POST", Route = null)]HttpRequestMessage req, TraceWriter log)
    log.Info("101 Azure Function Demo - Reading the request body in HTTP Triggers");

    // Read body
    Customer data = await req.Content.ReadAsAsync<Customer>();

    // Echo request data back in the response
    return  req.CreateResponse(HttpStatusCode.OK, data);

public class Customer
    public string FirstName { get; set; }
    public bool IsDisabled { get; set; }


  • Use the ReadAsAsync method to deserialize the request body to a specified object type.
  • application/json and application/xml content types are supported out of the box. Ensure the Content-type header is properly set.
  • JSON serialization uses JSON.NET.
  • Other methods available to ready body content include ReadAsStringAsync, ReadAsStreamAsync and, ReadAsByteArrayAsync.

Read more

Restricting HTTP verbs in HTTP Triggers

With the HttpTrigger attribute, you can list one or more HTTP verbs that your function responds to.

// Respond to only GET requests
Task<HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Anonymous, "GET")]HttpRequestMessage req, TraceWriter log)
    // ...

// Respond to  GET or PUT requests
Task<HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Anonymous, "GET", "PUT")]HttpRequestMessage req, TraceWriter log)
    // ...


  • Using the HttpTrigger trigger you can list supported HTTP verbs.
  • Always specify one or more HTTP verbs to respond to.

Read more

Securing HTTP Triggers with security keys

When creating your function, you have the option of allowing it to be called by anyone (Anonymous) or to require a security key.

When making a request to a secure function, you are required to provide the security key as shown.


Keys are stored as part of your function app in Azure and are encrypted at rest. To view your keys, create new ones, or roll keys to new values, navigate to one of your functions within the Azure portal.

public static async Task<HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Function, "GET")]HttpRequestMessage req, TraceWriter log)
    log.Info("Azure Function Demos - Restricting HTTP verbs");

    return  req.CreateResponse(HttpStatusCode.OK, "Secure Response");


  • There are two types of keys that can be used to secure your Azure Function; Host and Function.
  • Host keys are shared by all functions in the same function app.
  • Function keys apply only to the specific function where they are defined.
  • Anonymous functions can be called by anyone.
  • The AuthorizationLevel enum contains the levels of security you can set on the HttpTrigger attribute.
  • In the HTTP request, keys can be specified in a code query string parameter or a x-functions-key HTTP header

Read more

GitHub Comment Webhook

Functions can be triggered with a GitHub webhook. This requires configuring a webhook for a GitHub repository. This example logs issue comments from a GitHub repository.

using System.Net;

public static async Task Run(HttpRequestMessage req, TraceWriter log)
    dynamic data = await req.Content.ReadAsAsync<object>();
    string gitHubComment = data?.comment?.body;
    log.Info("GitHub Comment WebHook: " + gitHubComment);


  • A GitHub webhook function requires configuration on GitHub by adding a webhook to a GitHub repository, adding the function's url and GitHub secret to the webhook, and setting the content type as application/json.
  • A GitHub webhook function can be triggered by a number of repository changes such as issues, pull requests, and branches.

Read more