Browse Serverless Patterns and Anti-Patterns

Function-Backed APIs

March 23, 2026

Describe the pattern of routing requests through an API gateway or managed HTTP entry point into function handlers. Explain the strengths and typical failure modes.

On this page

Function-backed APIs are the basic HTTP-facing serverless pattern. A managed gateway or HTTP entry point receives the request, applies routing and policy, and invokes a function handler that performs one bounded piece of application work. This is attractive because teams can expose useful APIs without running application servers directly, while still keeping durable state in managed databases, queues, object stores, or workflow services.

This pattern is strongest when the request path is thin and coherent. The function should do something specific and understandable: validate a business rule, write one authoritative state change, fetch one response shape, or accept work and hand off the rest asynchronously. It gets weaker when teams expect the function to behave like a long-running application server with many deep dependencies and several unrelated side effects in one request path.

    flowchart LR
	    A["Client"] --> B["Gateway or managed HTTP entry point"]
	    B --> C["Function handler"]
	    C --> D["Managed data store"]
	    C --> E["Queue or event bus"]
	    B --> F["Auth, validation, rate limits, caching"]

What to notice:

  • the gateway and the function are different boundaries
  • the handler should not absorb every edge concern itself
  • a healthy HTTP request path often ends with one durable action and maybe one asynchronous handoff

Why Teams Start Here

This pattern is familiar. It looks like an API, behaves like an API, and still benefits from serverless deployment and scaling. It is commonly used for:

  • CRUD-style APIs
  • webhook receivers
  • internal tools
  • mobile or partner endpoints
  • user-facing writes that can publish downstream work

The big benefit is platform reduction. Teams can often get a useful API online with less infrastructure toil than with self-managed application servers.

Where the Pattern Is Strong

Function-backed APIs are especially good when:

  • handlers are short-lived
  • most state is already external
  • latency targets are moderate rather than extreme
  • the request path does not require many serial downstream calls
  • heavy work can be pushed out to queues or workflows

The closer the request path stays to one bounded business action, the stronger the pattern becomes.

Where It Gets Weak

The pattern becomes weaker when:

  • the handler performs several unrelated side effects
  • the function makes many synchronous downstream calls
  • the response must be very latency-consistent
  • large framework or dependency initialization dominates runtime behavior

At that point, the function is no longer a clean HTTP boundary. It is acting like a mini service host with poorer runtime control.

A Typical Function-Backed API Shape

 1api:
 2  route: POST /claims
 3  auth: required
 4  request_validation:
 5    - policyId required
 6    - documentKey required
 7
 8function:
 9  handler: src/claims.submit
10  timeout_seconds: 20
11
12resources:
13  claims_store: claims
14  workflow_queue: claim-review-jobs

 1type SubmitClaimRequest = {
 2  policyId: string;
 3  documentKey: string;
 4};
 5
 6export async function submitClaim(request: SubmitClaimRequest) {
 7  const claimId = claimIds.next();
 8
 9  await claimsStore.put({
10    claimId,
11    policyId: request.policyId,
12    documentKey: request.documentKey,
13    status: "submitted",
14  });
15
16  await workflowQueue.publish({
17    claimId,
18    policyId: request.policyId,
19  });
20
21  return {
22    claimId,
23    status: "submitted",
24  };
25}

This is strong because the request path is bounded:

  • one durable write establishes the source of truth
  • downstream review work happens asynchronously
  • the handler is not trying to complete the entire business process before replying

Typical Failure Modes

Function-backed APIs often become unhealthy in three ways:

  • request-path bloat: too much orchestration is kept synchronous
  • hidden coupling: the handler relies on several downstream systems but no one treats them as part of the API latency budget
  • edge neglect: gateway features are ignored, so every function repeats auth, throttling, and request validation boilerplate

These are not serverless-specific bugs. They are boundary mistakes that serverless makes visible quickly.

Design Review Question

A team built a POST /checkout handler that validates input, writes the cart state, authorizes payment, creates shipment labels, sends email, calls analytics, and updates loyalty records before returning. The function still “fits” the platform. Is this a strong function-backed API?

Usually no. The stronger answer is that the request path now contains several actions with different latency, failure, and retry characteristics. A better design usually persists the authoritative state change, maybe performs one critical synchronous dependency call if required, and pushes the rest into clearer downstream processing.

Check Your Understanding

Loading quiz…
Revised on Thursday, April 23, 2026
6.2 API Gateway Patterns