Developing Serverless Node.js Apps with Azure Functions

Azure Functions provides a powerful serverless infrastructure, enabling you to develop scalable, on-demand HTTP endpoints with ease. By using JavaScript or TypeScript, you can create serverless applications that respond to various events, allowing you to focus on writing code without worrying about managing servers. This guide helps you get started with developing serverless Node.js apps using Azure Functions, integrating seamlessly with other Azure services.

Azure serverless community library of samples

What is a Function resource?

An Azure Function resource is a logical unit for all related functions in a single Azure geographic location. The resource can contain a single function or many functions, which can be independent of each other or related with input or output bindings. You can select from many common functions or create your own.

The function resource settings include typical serverless configurations including environment variables, authentication, logging, and CORS.

Durable, stateful functions

Durable Functions retain state, or manage long-running functions in Azure. Create your first durable function in JavaScript.

Static web apps include functions

When you develop a static front-end client application (such as Angular, React, or Vue), which also need serverless APIs, use Static Web apps with functions to bundle both together.

Proxy from client app to the API

If you intend to deploy your API with your Static web app, you don't need to proxy your client application's API calls. The proxy is established for you when you deploy the Azure Functions app as a managed app.

When you develop locally with a Static Web App and Azure Functions, the Azure Static Web Apps CLI provides the local proxy.

Common security settings you need to configure for your Azure Function

The following common settings should be configured to keep your Azure Function secure:

Authentication and authorization:
- Use Microsoft Entra ID (formerly Azure Active Directory) for robust authentication. Configure your function app to require OAuth2 tokens for production workloads.
- Avoid using function keys for sensitive applications. Instead, integrate with Microsoft Entra ID or validate JWT tokens in your function code.
- Use managed identities to authenticate your function app with other Azure resources, ensuring each function gets only the access it needs.
Configuration settings:
- Application settings - create Application settings for settings that don't impact security.
- Secrets and keys - for any settings that impact security, use this tiered approach:
  1. First, use Microsoft Entra ID for authentication where supported.
  2. For integrations that don't support Entra ID, store secrets in Azure Key Vault and pull in those settings from your Key Vault.
  3. Never embed secrets in code or configuration files.
- For other platform security settings, see Securing Azure Functions.
Network security:
- CORS - configure your client domains. Don't use *, indicating all domains.
- Virtual network integration - use private endpoints or virtual network integration to limit network exposure and restrict inbound traffic from trusted sources.
HTTPS and encryption:
- TLS/SSL setting for HTTPS - by default, your API accepts HTTP and HTTPS requests. Enable HTTPS only in the TLS/SSL settings. Because your Function app is hosted on a secure subdomain, you can use it immediately (with https) and delay purchasing a domain name, and using a certificate for the domain until you're ready.
Deployment and monitoring:
- Deployment Slots - create a deployment slot, such as stage or preflight and push to that slot. Swap this stage slot to production when you're ready. Don't get in the habit of manually pushing to production. Your code base should be able to indicate the version or commit that is on a slot.
- Enable Application Insights for real-time telemetry, alerting, and anomaly detection to monitor your functions and audit logs for suspicious activity.

For comprehensive security guidance, see Securing Azure Functions.

Hosting options for Azure Functions

You can host Azure Functions in different ways depending on your requirements:

Azure Functions resource hosting plans

When you create an Azure Functions resource, you can choose from these hosting plans:

Consumption plan: Pay only for the time your functions run with automatic scaling.
Flex Consumption plan: Provides enhanced control with always-ready instances to reduce cold starts, virtual network integration, and configurable instance sizes (512 MB to 4 GB). This plan is recommended for new Linux-based workloads requiring enterprise security and performance features. Note that this plan uses execution-based billing similar to the Consumption plan but with additional costs for features like always-ready instances.
Premium plan: Provides enhanced performance with pre-warmed instances, virtual network connectivity, and longer execution durations.
Dedicated (App Service) plan: Run functions on dedicated virtual machines for predictable costs and full control over the runtime environment.

For more information about choosing the right hosting plan, see Azure Functions hosting options.

Azure Container Apps resource

Alternatively, you can deploy Azure Functions to an Azure Container Apps resource as containerized workloads. This option provides full control over the container environment and is ideal when you need custom dependencies, long-running processes, or want to combine functions with other containerized microservices. See Azure Container Apps hosting of Azure Functions for more information.

Prerequisites for developing Azure Functions

Node.js LTS - Use the latest Long Term Support (LTS) version for the best compatibility and security updates with Azure Functions.
Azure Functions Core Tools - Use the current major version for local development and debugging.

A simple JavaScript function for HTTP requests

A function is an exported asynchronous function with request and context information. The following partial screenshot from the Azure portal shows the function code.

v4 TypeScript
v4 JavaScript

import { app, HttpRequest, HttpResponseInit, InvocationContext } from "@azure/functions";

export async function status(request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> {
    context.log(`Http function processed request for url "${request.url}"`);

    return {
        status: 200,
        jsonBody: {
            env: process.env
        }
    };
};

app.http('status', {
    route: "status",
    methods: ['GET'],
    authLevel: 'anonymous',
    handler: status
});

import { app } from "@azure/functions";

async function status(request, context) {
    context.log(`Http function processed request for url "${request.url}"`);

    return {
        status: 200,
        jsonBody: {
            env: process.env
        }
    };
};

app.http('status', {
    route: "status",
    methods: ['GET'],
    authLevel: 'anonymous',
    handler: status
});

module.exports = status

Develop functions locally with Visual Studio Code and extensions

Create your first function using Visual Studio Code. Visual Studio Code simplifies many of the details with the Azure Functions extension.

This extension helps you create JavaScript and TypeScript functions with common templates.

Integrate with other Azure services

Serverless functions remove much of the server configuration and management so you can focus on just the code you need.

Low-code functions: With Azure Functions, you create functions triggered by other Azure services or that output to other Azure services using trigger bindings. The v4 programming model registers all triggers and bindings directly in your code, making configuration type-safe and intuitive.
High-code functions: For more control, use the Azure SDKs to coordinate and control other Azure services. Use managed identities to securely authenticate your functions with other Azure resources without managing credentials.

Feedback

Was this page helpful?

Last updated on 2025-12-11