Why does a public endpoint of an HTTP trigger fail to return an .apk file?
Public endpoints of HTTP triggers (format: https://[subdomain-prefix].[region].fcapp.run) block APK file responses for security reasons. If your function was created on or after June 10, 2024, any request that tries to return an .apk file through a public endpoint returns a 400 error with the error code ApkDownloadForbidden.
To serve APK files, switch to the internal endpoint or bind a custom domain name.
Choose a solution
| Solution | Best for |
|---|---|
| Internal endpoint | Apps running inside a Virtual Private Cloud (VPC) that can reach [subdomain-prefix].[region]-vpc.fcapp.run |
| Custom domain name | Apps that need a public URL you control, with full support for any content type |
Use the internal endpoint
The internal endpoint bypasses the APK restriction and is accessible within the same VPC.
Log on to the Function Compute console. In the left-side navigation pane, click Functions.
In the top navigation bar, select the region where your function is deployed. On the Functions page, click your function.
On the function details page, click the Configurations tab, then click Triggers in the left-side navigation pane.
On the Triggers tab, find the trigger and copy the Internal Endpoint from the Configurations column.
Use the copied endpoint (format: https://[subdomain-prefix].[region]-vpc.fcapp.run) in your application.
Use a custom domain name
Bind a custom domain name to your HTTP trigger to serve APK files over the public internet without restrictions. For setup instructions, see Configure custom domain names.