Please note: the serverless function features described in this article are specifically for developer projects. This includes both UI extensions and CMS React modules. For information about building serverless functions for websites outside of developer projects, visit the CMS documentation.
Supported products
Sales Hub -Enterprise Service Hub -Enterprise Marketing Hub -Enterprise Content Hub -Enterprise
When needing to fetch data for a project-based private app, whether for a UI extension or CMS React project, you'll use a serverless function. When executed, HubSpot runs the serverless function server-side using JavaScript. Because HubSpot runs the function, you don't need to manage your own server.
Your access to using serverless functions depends on your HubSpot subscription:
- UI extensions: using serverless functions for UI extensions requires an Enterprise subscription. You can also test out UI extensions for private apps for free in a developer test account.
- CMS: using serverless functions for CMS React projects requires a Content Hub Enterprise subscription.
Within the project file structure, serverless functions live in the src/app
directory within a <AnyName>.functions
folder. At the most basic level, this folder should include:
- One or more JavaScript files that export a
main
function. - A
serverless.json
file that registers and configures your functions. Learn more about serverless function configuration.
Serverless functions for private apps in projects can be executed in two ways:
- App function: a serverless function that gets executed directly from within the project using the
hubspot.serverless
API. - Endpoint function (Content Hub Enterprise only): an app function that is invoked by calling a public URL. The URL is determined by the account's connected domains and the path specified in the
serverless.json
file. This is more common for implementing serverless functions in CMS React modules.
Please note: serverless functions cannot import other functions. You'll need to include all the code the serverless function needs to execute within the serverless function file.
In the serverless functions directory, configure the serverless function with a serverless.json
file. In this file, you'll configure your serverless function name and the path of the JavaScript file to execute, along with any secrets that might need to be included for authentication.
If you have a Content Hub Enterprise subscription, you can configure a serverless function to be invoked by a public URL by including an endpoint
object in the config. Learn more about endpoint functions.
// Example serverless.json
{
"appFunctions": {
"functionName": {
"file": "function1.js",
"secrets": ["SOME_SECRET"],
"endpoint": {
"path": "path/to/endpoint",
"method": ["GET"]
}
}
}
}
Parameter | Type | Description |
---|---|---|
file | String | The .js file in the project to execute. |
secrets | Array | To authenticate requests, you can include secrets as string values in this array. Learn more about managing secrets. |
endpoint | Object | If invoking the function by a public URL (Content Hub Enterprise only), this object defines the endpoint details:
|
Each serverless function exports a main
function that gets called when HubSpot executes it. The function receives the context
argument, which is an object that contains data based on how the function is being used. This includes context about where the card is loaded as well as the authenticated user and account. Learn more about what's included in the context object.
Below is an example of a function that returns a 200
status code and a Hello World message:
//helloWorld.js
exports.main = async (context) => {
return {
statusCode: 200,
body: { message: 'Hello World' },
};
};
In your extension's front-end React code, you'll call the function using the hubspot.serverless()
API.
Please note: the hubspot.serverless()
API was introduced as
of @hubspot/ui-extensions@0.8.5
. While the previous method of using
runServerlessFunction
is still supported, the new API is more intuitive and
efficient, as it avoids unnecessary prop-drilling in sub-components and
provides responses with resolved promises regardless of the outcome. For
posterity, you can find documentation for runServerlessFunction
in the SDK
reference.
hubspot.serverless()
expects a string of the name of the function to call (as defined in the serverless.json
file), and an object containing the propertiesToSend
and parameters
fields.
xxxxxxxxxx
// Example React front-end file
import { hubspot, Button } from '@hubspot/ui-extensions';
hubspot.extend(() => <Extension />);
const Extension = () => {
const handleSubmit = () => {
hubspot
.serverless('my-function-name', {
propertiesToSend: ['hs_object_id'],
parameters: { extra: 'data' },
})
.then((response) => {
// handle response, which is the value returned from the function on success
})
.catch((error) => {
// handle error, which is an Error object if the function failed to execute
});
};
return <Button onClick={handleSubmit} label="Click me" />;
};
Parameter | Type | Description |
---|---|---|
propertiesToSend | Array | An array of properties to send the serverless function from the front-end. Property values are pulled from the currently displaying CRM record. This enables retrieving property values on the server-side when the function is called. |
parameters | Object | Additional key-value pairs to supply to the function. |
The status returned will result in a resolved promise regardless of the outcome. Success is presented as {status: 'SUCCESS', response: ...}
, and failure is presented as {status: 'ERROR', message: ...}
.
Please note: serverless functions have a response limit of 15 seconds. Functions that take longer to execute will fail.
If you have a Content Hub Enterprise subscription, you can configure a serverless function to be invoked by a public URL. When calling the URL of a HubSpot-hosted serverless function, you can use any domain connected to your account with the following URL structure: https://<domain>/hs/serverless/<endpoint-path-from-config>
.
For example, if both website.com and subdomain.brand.com are connected to the account, you could call the function using https://website.com/hs/serverless/path/to/endpoint
or https://subdomain.brand.com/hs/serverless/path/to/endpoint
.
In the URL to call the function, the endpoint path is global rather than scoped to the app or project. If you have identical endpoint paths across multiple apps or projects, the most recently deployed endpoint function will take precedence.
xxxxxxxxxx
// Example serverless.json
{
"appFunctions": {
"functionName": {
"file": "somefunction.js",
"secrets": ["SOME_SECRET"],
"endpoint": {
"path": "path/to/endpoint",
"method": ["GET"]
}
}
}
}
Every private app comes with an access token that you can use to authenticate calls to HubSpot's APIs. Alternatively, you can authenticate calls using secrets, which you'll manage through the CLI.
To authenticate HubSpot API requests with private app access tokens, you'll access the token with process.env['PRIVATE_APP_ACCESS_TOKEN']
. For example, to make a request using HubSpot's Node.js library:
- Ensure the @hubspot/api-client library is included as a dependency in your project.
- In the serverless function JavaScript file, include
@hubspot/api-client
. - Instantiate the client within
exports.main
and includePRIVATE_APP_ACCESS_TOKEN
for authentication:
xxxxxxxxxx
// Include HubSpot node API client
const hubspot = require('@hubspot/api-client');
exports.main = async (context = {}) => {
// Get hs_object_id of the record in context
const { hs_object_id } = context.propertiesToSend;
console.log(`Looking up contact by ID [${hs_object_id}]`);
// Instantiate HubSpot Node API client
const hubspotClient = new hubspot.Client({
accessToken: process.env['PRIVATE_APP_ACCESS_TOKEN'],
});
// Your function
};
- Configure the rest of the function using Node.js. For example, the following code would create a serverless function that retrieves the current contact by ID using the contacts API:
xxxxxxxxxx
// Include HubSpot node API client
const hubspot = require('@hubspot/api-client');
exports.main = async (context = {}) => {
// Get hs_object_id of the record in context
const { hs_object_id } = context.propertiesToSend;
console.log(`Looking up contact by ID [${hs_object_id}]`);
// instantiate HubSpot Node API client
const hubspotClient = new hubspot.Client({
accessToken: process.env['PRIVATE_APP_ACCESS_TOKEN'],
});
const properties = ['firstname', 'lastname'];
try {
const apiResponse = await hubspotClient.crm.contacts.basicApi.getById(
hs_object_id,
properties
);
console.log(JSON.stringify(apiResponse));
} catch (e) {
e.message === 'HTTP request failed'
? console.error(JSON.stringify(e.response, null, 2))
: console.error(e);
}
};
To access a private app access token during local development:
- If you're running HubSpot CLI version 7.0.0 or above, private app access tokens are automatically available for authentication as long as your personal access key has the
developer.app_functions.write
anddeveloper.app_functions.read
scopes. - If you're running HubSpot CLI version 6.x or below, you'll need to add the token to a
.env
file within the.functions
directory, as shown below. You can find the private app access token in the app's settings in HubSpot.
xxxxxxxxxx
PRIVATE_APP_ACCESS_TOKEN=pat-na1-******
Please note: calls authenticated with private app access tokens count against your API call limits.
To authenticate a serverless function requests using a secret:
- Create a secret by running
hs secrets add <secret-name>
. HubSpot will securely store this secret on its backend and inject them into the runtime environment when a function is invoked in production. - In the
serverless.json
file, include asecrets
field within the corresponding function object, then specify the name of the secret. Do not includePRIVATE_APP_ACCESS_TOKEN
in this array, as this is automatically created for you and already available in the serverless function.
xxxxxxxxxx
// serverless.json
{
"appFunctions": {
"functionName": {
"file": "function1.js",
"secrets": ["GITHUB_ACCESS_TOKEN"]
}
}
}
- To make secrets available for local development, create a
.env
file in the.functions
directory. HubSpot will never retrieve your secrets outside of its protected infrastructure, so you'll need to specify the secret values that you want to use when the function is executed locally.
xxxxxxxxxx
SECRET=my-secret-value
ANOTHER_SECRET=another-secret-value
- After saving secrets to the
.env
file, you can access them in your function usingprocess.env['secretName']
.
xxxxxxxxxx
export const main = async (context) => {
const secret = process.env['ANOTHER_SECRET'];
const token = process.env['PRIVATE_APP_ACCESS_TOKEN'];
}
To get started, you can find Node.js code snippets in each of HubSpot's API reference docs.
HubSpot provides a set of CLI commands for create and managing secrets:
- Create a secret by running
hs secrets add <secret name>
. HubSpot will securely store this secret on its backend and inject them into the runtime environment when a function is invoked in production. - Update a secret by running the
hs secrets update
command. If you're using a Node runtime of 14 or higher, updated secret values will automatically be updated in your deployed function within one minute, meaning you won't have to build and deploy to get the updated secret. - View existing secrets stored in your account by running
hs secrets list
. - Delete a secret by running
hs secrets delete <secret-name>
. The command line will prompt you to confirm the deletion, which you can bypass by including the--force
flag.
Please note:
- To limit exposure of a secret, it's strongly recommended to never include it in console statements to prevent it from being recorded in logs.
- If your project is linked to a GitHub repository, be sure to never commit the
.env
file when uploading to GitHub. You can include an entry for.env
in your.gitignore
file to ensure that it is omitted from your commits.
Keep the following recommendations in mind while you develop and test your serverless function:
To ensure that variables are correctly assigned and initialized with every function invocation, you should opt to assign variables within the function itself. This practice prevents potential issues related to stale or persistent variable states, which can lead to unexpected behaviors. See the example below for additional context:
xxxxxxxxxx
// Preferred
exports.myHandler = async (event, context) => {
const myDynamicVariable = process.env['SOME_KEY'];
// The rest of your handler logic
};
// Discouraged
const myDynamicVariable = process.env['SOME_KEY'];
exports.myHandler = async (event, context) => {
// The rest of your handler logic
};
The hsprojects.json
configuration file includes a platformVersion
field which specifies which platform version to run the project on. It's strongly encouraged to use the latest platform version to ensure that your project and its assets are up to date with the latest improvements, optimizations, and feature enhancements. In addition, some previously available features may not be available in older versions due to deprecation.
The platform version also dictates which version of Node the project runs on. The latest version, 2023.2
, uses Node18, and doesn't support older versions of Node.
By default, HubSpot provides a small number of NPM dependencies in addition to the Node.js standard library. To add your own dependencies, you can list the package in dependencies
within the package.json
file. When the app is built, dependencies will be bundled with your function code. All dependencies must be published to NPM and be public.
For example, if you wanted to add the lodash library in a serverless function, you would first update package.json
to include the dependency:
xxxxxxxxxx
// package.json
{
"name": "app.functions",
"version": "1.0.0",
"description": "",
"dependencies": {
"lodash": "^4.17.21"
}
}
Then, at the top of your serverless function JavaScript file, you would require the lodash dependency:
xxxxxxxxxx
// myFunction.js
const _ = require('lodash');
exports.main = async (context) => {
const objectA = {};
const objectB = {};
const equal = _.isEqual(objectA, objectB);
return {
statusCode: 200,
body: {
isEqual: equal,
},
};
};
Log messages are produced every time HubSpot executes a serverless function. Below, learn how to access logs in HubSpot and locally using the CLI.
In HubSpot, you can view a serverless function's log history for both app functions and endpoint functions, including successful requests and errors.
To access a serverless function's logs in HubSpot:
- In your HubSpot account, navigate to CRM Development.
- In the left sidebar menu, navigate to Private apps.
- Select the private app that contains the serverless function.
- Click the Logs tab.
- To view logs for a serverless app function, click the Serverless functions tab. To view logs for a serverless endpoint function, click the Endpoint functions tab.
- In each tab, you can view logs for specific requests by clicking the request. You can also use the search bar to search by request ID.
- In the right panel, you can then click View log trace for a more in-depth breakdown of the request.
You can also include console.log()
in your serverless function code for debugging purposes, then view its output in the function log details sidebar.
Log messages are produced every time HubSpot executes a serverless function. To view a serverless function's logs in the CLI, run the hs project logs
command. Learn more about using the hs project logs command.
There are two types of log messages produced:
- Log messages that record the execution of a function, along with its status and timing. For example:
2021-04-28T19:19:21.666Z - SUCCESS - Execution Time: 279ms
- Log messages that are produced through console statements in the function code. For example, your serverless function JavaScript might include:
xxxxxxxxxx
// helloWorld.js
exports.main = async (context) => {
console.log('Log some debug info');
console.error('An error occurred');
return {
statusCode: 200,
body: { message: 'Hello World' },
};
};
A log output for the above code would then produce the following:
2021-04-28T19:15:13.200Z INFO Log some debug info
2021-04-28T19:15:14.200Z ERROR An error occurred