Supported products
Supported products
serverless.json configuration, enable the use of third-party dependencies, and have more direct access to private app access tokens for authentication.
For a high-level overview of serverless functions, see the serverless functions overview. And to get started building project-based serverless functions, check out the get started guide.
File structure
Serverless functions are packaged within a.functions directory within the app directory of a project. The .functions directory can have any name you’d like, as long as it ends in .functions.
In the .functions directory, you’ll need to include three files:
serverless.json: the configuration file for the serverless function.function.js: A JavaScript file containing the code to execute. This file can have any name, and you’ll reference the file name inserverless.json.- A
package.jsonconfiguration file to contain the dependencies needed to execute the function.
Serverless.json
Theserverless.json file stores the serverless function configuration. This is a required file, and maps your functions to their endpoints.
Function file
Serverless functions built with developer projects use the NodeJS runtime (version 18 and higher). Lower versions of Node cannot be specified. In addition, serverless functions should be asynchronous, usingawait and try/catch instead of promise chaining.
Below is an example of JavaScript code that can be executed by a serverless function. This code is taken from the get started with serverless functions guide and fetches a quote via the Zen Quotes API. Learn more about authenticating requests.
package.json
In thepackage.json file, you can specify dependencies to include in the dependencies field. When the app is built, dependencies will be bundled with your function code. All dependencies must be published to NPM and be public.
For example, if you wanted to add the lodash library in a serverless function, you would first update package.json to include the dependency:
Endpoints
Serverless functions for the CMS are invoked by calling its public URL, which has the following structure:https://<domain>/hs/serverless/<path>.
For example, if both website.com and subdomain.brand.com are connected to the account, you could call the function using
https://website.com/hs/serverless/<path> or https://subdomain.brand.com/hs/serverless/<path>. If the serverless function’s path field was set to fetch-quote, the full URL would be:
https://website.com/hs/serverless/fetch-quote
Authentication
Serverless functions requests built with projects can be authenticated using either the app’s private app access token or a secret. Calls authenticated with private app access tokens count against your API call limits.- Private app access tokens can be used for authenticating HubSpot API requests, using the value
PRIVATE_APP_ACCESS_TOKEN. - Secrets can be referenced by name, and must also be included in the
secretsarray of theserverless.jsonfile. To create, manage, and view secrets associated with your account, use the set ofhs secretsCLI commands. - In the function file, authentication for app tokens and secrets are both accessed with
process.env.
headers object).
- Private app access token
- Secret auth
Context object
The context object contains contextual information about the function’s execution, stored in the following parameters.Headers
If you need to know the headers of the client that’s hitting your endpoint, you can access them throughcontext.headers, similar to how you would access information through context.body.
Below, review some of the common headers that HubSpot provides. For a full list, see MDN’s HTTP headers documentation.
Redirect by sending a header
You can perform a redirect from your serverless function by sending a response with a location header and301 statusCode.
Limits
Serverless functions are intended to be fast and have a narrow focus. To enable quick calls and responses, HubSpot serverless functions have the following limits:- 50 secrets per account.
- 128MB of memory.
- No more than 100 endpoints per HubSpot account.
- You must use
contentTypeofapplication/jsonwhen calling a function. - Serverless function logs are stored for 90 days.
- 6MB on an AWS Lambda invocation payload.
- Each function has a maximum of 10 seconds of execution time.
- Each account is limited to 600 total execution seconds per minute.
- 60 function executions that take 10 seconds each to complete.
- 6,000 function executions that take 100 milliseconds to complete.
429 response. The execution time of each function is included in the serverless function logs.
To assist in avoiding these limits, limit data is provided automatically to the function context during execution. You can use that to influence your application to stay within those limits. For example, if your application requires polling your endpoint, then you can return with your data a variable to influence the frequency of the polling. That way when traffic is high you can slow the rate of polling avoiding hitting limits, then ramp it back up when traffic is low.