Are Callable Cloud Functions better than HTTP functions?
Callable functions are exactly the same as HTTP functions, except the provided SDKs are doing some extra work for you that you don't have to do. This includes, on the client:
- Handling CORS with the request (for web clients)
- Sending the authenticated user's token
- Sending the device instance id
- Serializing an input object that you pass on the client
- Deserializing the response object in the client
And on the backend in the function:
- Validating the user token and providing a user object from that
- Deserializing the input object in the function
- Serializing the response object in the function
This is all stated in the documentation. If you are OK with doing all this work yourself, then don't use callables. If you want this work done automatically, then callables are helpful.
If you need direct control over the details of the HTTP protocol (method, headers, content body), then don't use a callable, because it will hide all these details.
There are no security advantages to using callables. There are no speed improvements.
creativecreatorormaybenot
Updated on June 03, 2022Comments
-
creativecreatorormaybenot about 2 years
With the latest Firebase Update callable functions were introduced. My question is whether this new way is faster than the "old" http triggers and if it is more secure.
I have no expertise in this field, but I think the HTTP vs HTTPS might make a difference.
This is interesting to me because if the callable functions are faster, they have that advantage, but their disadvantage lies in the nature of flexibility: They cannot be reached by other sources.
If the callable functions have no advantages in terms of speed or security I do not see a reason to switch it up.
-
creativecreatorormaybenot over 6 yearsI really appreciate this answer. I did not find anything like this in the documentation, that is why I asked in the first place. I think you are talking about "Callable functions are similar to other HTTP functions, with these additional features: With callables, Firebase Authentication and FCM tokens are automatically included in requests. The functions.https.onCall trigger automatically deserializes the request body and validates auth tokens.". I could not derive from that that there is no performance difference.
-
Luis Ruiz Figueroa about 6 yearscan I debug this locally? -
kkost almost 6 years@LuisRuizFigueroa no way to do that.. I've asked about that as well: stackoverflow.com/questions/51233554/…
-
GorvGoyl over 4 years@LuisRuizFigueroa it's possible now see stackoverflow.com/a/59077802/3073272 -
Denis Liger almost 4 yearsAny price difference?
-
nsolent almost 3 yearsGreat outline. There is now a security advantage, App Check, currently only available to callables: firebase.google.com/docs/app-check/cloud-functions
