Why Edge Functions Are Worth Your Attention in 2026
Traditional REST APIs live on a single server or cluster — meaning every request travels to that one location, no matter where your user is. Edge functions change that entirely. With platforms like Cloudflare Workers, your API logic runs on servers physically close to each user, slashing latency and eliminating cold-start delays that plague serverless functions on AWS Lambda or Google Cloud Functions.
For SMBs in Australia, Singapore, Canada, and the United States, this matters practically. A Sydney-based user hitting a Cloudflare edge node in Sydney gets a response in milliseconds — not the 300ms round trip to a US-East data centre. In 2026, with Cloudflare's network spanning 300+ cities worldwide, building APIs on the edge is one of the highest-leverage architectural decisions you can make for performance-sensitive applications.
This guide walks you through building a production-ready REST API on Cloudflare Workers from scratch, using Hono — the lightweight, edge-native web framework that has become the go-to choice for this stack.
What You'll Need
- Node.js 20+ installed locally
- A free Cloudflare account (cloudflare.com)
- Basic familiarity with TypeScript and REST API concepts
- npm or pnpm as your package manager
- Wrangler CLI (Cloudflare's official developer tool)
Step 1: Install Wrangler and Scaffold Your Project
Wrangler is the CLI that manages everything from local development to production deployments on Cloudflare Workers.
Open your terminal and run:
npm install -g wrangler
npm create hono@latest my-edge-apiWhen prompted, select cloudflare-workers as the template. This scaffolds a project pre-configured for the Workers runtime with TypeScript support out of the box.
Navigate into your project:
cd my-edge-api
npm installYour project structure will look like this:
my-edge-api/
├── src/
│ └── index.ts
├── wrangler.toml
├── package.json
└── tsconfig.jsonPro tip: Use pnpm instead of npm if you're managing multiple Workers projects — it handles workspace dependencies significantly faster.
Step 2: Authenticate Wrangler with Your Cloudflare Account
Before you can deploy or use remote bindings, authenticate your local environment:
wrangler loginThis opens a browser window. Log in with your Cloudflare credentials and grant Wrangler access. You only need to do this once per machine.
Verify the authentication worked:
wrangler whoamiYou should see your account name and email printed to the terminal.
Step 3: Define Your API Routes with Hono
Open src/index.ts. The default scaffold gives you a minimal Hono app. Let's build a practical example — a simple product catalogue API that an e-commerce SMB might use.
Replace the contents of src/index.ts with the following:
import { Hono } from 'hono'
import { cors } from 'hono/cors'
import { zValidator } from '@hono/zod-validator'
import { z } from 'zod'
type Bindings = {
PRODUCTS_KV: KVNamespace
}
const app = new Hono<{ Bindings: Bindings }>()
// Enable CORS for all routes
app.use('*', cors())
// GET all products
app.get('/products', async (c) => {
const list = await c.env.PRODUCTS_KV.list()
const products = await Promise.all(
list.keys.map(async (key) => {
const value = await c.env.PRODUCTS_KV.get(key.name, 'json')
return value
})
)
return c.json({ products })
})
// GET single product
app.get('/products/:id', async (c) => {
const id = c.req.param('id')
const product = await c.env.PRODUCTS_KV.get(id, 'json')
if (!product) return c.json({ error: 'Product not found' }, 404)
return c.json(product)
})
// POST create product
const productSchema = z.object({
name: z.string().min(1),
price: z.number().positive(),
sku: z.string().min(1),
})
app.post(
'/products',
zValidator('json', productSchema),
async (c) => {
const data = c.req.valid('json')
const id = crypto.randomUUID()
await c.env.PRODUCTS_KV.put(id, JSON.stringify({ id, ...data }))
return c.json({ id, ...data }, 201)
}
)
export default appInstall the additional dependencies:
npm install hono zod @hono/zod-validatorWhat's happening here: Hono provides the routing layer. Zod validates incoming request bodies at the edge before any business logic runs — this is critical for production APIs. Cloudflare KV is used as a lightweight key-value store, perfect for product catalogues, configuration data, or session storage.
Step 4: Configure Cloudflare KV and wrangler.toml
Your API references a KV namespace called PRODUCTS_KV. You need to create it on Cloudflare and bind it to your Worker.
Create the KV namespace:
wrangler kv:namespace create PRODUCTS_KVWrangler will output something like:
{ binding = "PRODUCTS_KV", id = "abc123def456" }Copy that output and add it to your wrangler.toml:
[vars]
ENVIRONMENT = "production"
[[kv_namespaces]]
binding = "PRODUCTS_KV"
id = "abc123def456"
# For local development, create a preview namespace too
# wrangler kv:namespace create PRODUCTS_KV --preview
# Then add: preview_id = "your-preview-id"Common pitfall: Forgetting to create a separate preview namespace for local development. Without it, wrangler dev will simulate KV locally but won't persist data between restarts. For persistent local testing, create and configure the preview namespace.
Step 5: Run the API Locally
Start the local development server:
wrangler devYour API will be available at http://localhost:8787. Test it with curl or a tool like Bruno (the open-source API client that has largely replaced Postman in modern development workflows):
# Create a product
curl -X POST http://localhost:8787/products \
-H "Content-Type: application/json" \
-d '{"name": "Wireless Headphones", "price": 149.99, "sku": "WH-001"}'
# Fetch all products
curl http://localhost:8787/productsYou should receive a 201 Created response with the new product's UUID, then a list containing that product.
Pro tip: Add a logger() middleware from Hono during development to see every request logged in your terminal — app.use('*', logger()). Remove it before production to reduce unnecessary processing at the edge.
Step 6: Add API Key Authentication
A public API with no authentication is a liability. Cloudflare Workers has a native way to handle this using the bearerAuth middleware from Hono:
import { bearerAuth } from 'hono/bearer-auth'
// Store your API key in a Worker secret, not in wrangler.toml
// wrangler secret put API_SECRET_KEY
app.use('/products/*', (c, next) => {
const auth = bearerAuth({ token: c.env.API_SECRET_KEY })
return auth(c, next)
})Set the secret value without exposing it in your codebase:
wrangler secret put API_SECRET_KEYWrangler will prompt you to enter the value securely. This stores it as an encrypted environment variable — never committed to git.
Step 7: Deploy to the Edge
When you're ready to go live, deployment is a single command:
wrangler deployWithin seconds, your API is live across Cloudflare's global network. Wrangler will output a URL like https://my-edge-api.your-subdomain.workers.dev.
To attach a custom domain (e.g. api.yourcompany.com), go to your Cloudflare dashboard, navigate to Workers & Pages, select your Worker, then click Triggers > Add Custom Domain. Cloudflare handles SSL provisioning automatically.
Common pitfall: Deploying without setting your production secrets first. Run wrangler secret put API_SECRET_KEY before deploying if you haven't already — otherwise your authentication middleware will have no token to validate against.
Step 8: Monitor and Observe Your API
Cloudflare's built-in analytics give you request volume, error rates, and CPU time per invocation — accessible directly in the Workers dashboard. For structured logging and distributed tracing, integrate with Baselime (now part of Cloudflare) or highlight.io, both of which have native Workers support in 2026.
Add a simple error boundary to your Hono app to ensure all unhandled errors return structured JSON rather than exposing stack traces:
app.onError((err, c) => {
console.error(err)
return c.json({ error: 'Internal server error' }, 500)
})
app.notFound((c) => {
return c.json({ error: 'Route not found' }, 404)
})This is a small addition that makes a significant difference when debugging production issues — especially when you're handling traffic from multiple regions simultaneously.
Common Pitfalls to Avoid
- Treating Workers like Node.js: The Workers runtime is not Node.js. It uses the V8 engine directly with a Web Standards API surface. Libraries that rely on Node.js built-ins (like
fs,path, ornet) will not work. Always check Cloudflare's compatibility flags before adding a dependency. - Overloading KV for high-write workloads: KV is optimised for read-heavy use cases. If your API writes frequently (e.g. real-time order tracking), use Cloudflare D1 (SQLite at the edge) or Durable Objects instead.
- Ignoring CPU time limits: Workers have a CPU time limit per invocation (typically 50ms on the free plan, 30 seconds on paid). Complex data transformations or synchronous loops can breach this. Profile early.
Next Steps
You now have a fully deployed, authenticated REST API running at the edge — capable of serving users in Sydney, Singapore, Toronto, and San Francisco with near-identical latency. From here, consider:
- Migrating your data layer to Cloudflare D1 for relational queries using Drizzle ORM
- Adding rate limiting using Cloudflare's built-in Rate Limiting rules in the dashboard
- Integrating Cloudflare Queues for async background jobs (order processing, email triggers)
- Setting up end-to-end tests with Vitest and the
@cloudflare/vitest-pool-workerspackage
If you're building a product that needs a robust API layer but your team's bandwidth is already stretched, the team at Lenka Studio builds scalable backend architectures on modern edge infrastructure for SMBs across Australia, Singapore, Canada, and the US. Whether you need a full API built from scratch or a review of your existing architecture, reach out and let's talk — we're happy to help you ship something solid.
