Backend

Edge Functions & Secrets

Serverless JavaScript functions for backend logic — OAuth, webhooks, database access, and more.

What are edge functions

Edge functions are serverless JavaScript functions that run on the platform. They're great for backend logic that needs to stay private — like OAuth callbacks, Stripe webhooks, sending emails, or querying your database securely.

Functions live in your project's edge-functions/ folder. Each file is a Node.js module that exports an async handler:

// edge-functions/my-function.js
module.exports = async (req, res, { db, env }) => {
  const rows = await db.query("SELECT * FROM users");
  res.json({ data: rows.rows, key: env.STRIPE_KEY });
};

The function receives req (Express request), res (Express response), and a context object with db (PostgreSQL client) and env (merged secrets + environment variables).

Deploy & invoke

Open the Fn button in the IDE footer to manage your edge functions. From the Functions panel you can:

  • Create new functions with a default Node.js template
  • Deploy function code to the platform
  • Test invocations with GET or POST directly from the IDE
  • Copy the function's public URL
  • Delete functions

Functions are invoked at https://api.aicodesit.com/fn/{projectId}/invoke/{name}. You can also use path-style actions: /invoke/auth/signup is equivalent to /invoke/auth?action=signup.

Runtime & portability

Edge functions use a simple Node.js Express-style signature — (req, res, { db, env }) — rather than the Cloudflare Workers or AWS Lambda format. This keeps functions easy to read and the AI can generate correct function code without extra context.

If you ever want to move a function off the platform, adapting it to standard Express is straightforward:

// adapting to standard Express
const handler = require("./my-function");
app.post("/my-function", (req, res) => handler(req, res, { db, env: process.env }));

Note: The db context is a standard node-postgres (pg) client. Any code that queries db will work unchanged against any PostgreSQL database.

Secrets manager

The Secrets tab (inside the Fn panel) is a server-side key-value store for sensitive credentials. Secrets are stored on the server — they are never committed to your git repository.

  • System secrets — auto-managed by the platform (shown with a lock icon): DATABASE_URL, DB_SCHEMA, DB_REST_URL, ANON_KEY, DB_API_KEY, AUTH_SECRET. Cannot be deleted
  • User secrets — add your own keys like STRIPE_SECRET_KEY, SENDGRID_API_KEY, etc. Values are masked in the UI with a copy button
  • All secrets are injected into edge functions automatically via the env context object

Note: Database credentials are stored server-side only and are never committed to your git repository.