Why does a public endpoint of an HTTP trigger fail to return an .apk file?

Updated at:
Copy as MD

Public endpoints of HTTP triggers (format: https://[subdomain-prefix].[region].fcapp.run) block APK file responses for security reasons. If your function was created on or after June 10, 2024, any request that tries to return an .apk file through a public endpoint returns a 400 error with the error code ApkDownloadForbidden.

To serve APK files, switch to the internal endpoint or bind a custom domain name.

Choose a solution

SolutionBest for
Internal endpointApps running inside a Virtual Private Cloud (VPC) that can reach [subdomain-prefix].[region]-vpc.fcapp.run
Custom domain nameApps that need a public URL you control, with full support for any content type

Use the internal endpoint

The internal endpoint bypasses the APK restriction and is accessible within the same VPC.

  1. Log on to the Function Compute console. In the left-side navigation pane, click Functions.

  2. In the top navigation bar, select the region where your function is deployed. On the Functions page, click your function.

  3. On the function details page, click the Configurations tab, then click Triggers in the left-side navigation pane.

  4. On the Triggers tab, find the trigger and copy the Internal Endpoint from the Configurations column.

Use the copied endpoint (format: https://[subdomain-prefix].[region]-vpc.fcapp.run) in your application.

Use a custom domain name

Bind a custom domain name to your HTTP trigger to serve APK files over the public internet without restrictions. For setup instructions, see Configure custom domain names.