Serverless functions give your HubSpot CMS site real back-end logic, running server-side on HubSpot's infrastructure with no server of your own to manage. We are the software engineering firm for HubSpot customers, so we design, build and harden these functions to production standards rather than gluing together no-code workarounds.
Serverless functions are the right tool whenever a CMS page needs to do something secure or dynamic that front-end code cannot do safely on its own. Here are the patterns we build most.
Receive a form post server-side, validate it, then forward it to an external CRM, ERP, booking or payment platform. Your API keys stay in encrypted secrets on HubSpot's infrastructure and never reach the browser, so credentials cannot be scraped from page source.
Pull live pricing, stock levels, availability or reviews from an external API at request time and render it on a HubSpot CMS page. The function makes the call server-side and returns clean JSON, so the integration stays fast and the source system stays private.
Run pricing logic, eligibility checks or quote calculations where the rates and rules must stay server-side. The browser only ever sees the result, so commercially sensitive logic and rate cards are never exposed to anyone inspecting the page.
Capture a custom on-page interaction and write the data straight into HubDB or the HubSpot CRM through a private app with scoped access. This powers dynamic listings, self-service updates and structured data capture beyond what a standard form can do.
Use a function as middleware so secrets and tokens never touch the client. The page calls your endpoint, the endpoint calls the protected service, and the response comes back sanitised. This is the safe way to connect a public site to a private system.
Build lightweight API endpoints that power interactive components, gated content, lead enrichment or self-service portal features. These endpoints become the back-end glue behind the bespoke experiences we engineer on top of HubSpot.
We treat every function as a real engineering deliverable, from scoping the contract to deploying it against HubSpot's documented limits.
Serverless functions require Content Hub Enterprise (formerly CMS Hub Enterprise); they are not available on Starter or Professional. We confirm your tier up front, then design within HubSpot's limits: a 10 second execution cap per function, 128MB of memory, a 6MB payload, application/json only, and an account ceiling of 100 endpoints and 600 execution seconds per minute before requests start returning 429.
We define the endpoints map in serverless.json, the HTTP methods each path accepts, and a clear request and response contract for the front end. Functions are deliberately fast and narrowly focused, so we shape the work to fit the 10 second window rather than trying to force long-running jobs into the wrong tool.
We build on HubSpot's nodejs20.x runtime and use the preloaded packages that ship with serverless functions, such as @hubspot/api-client and axios, directly. Where a build genuinely needs third-party npm dependencies via package.json, we use HubSpot's project-based serverless functions instead, choosing the right approach for the requirement rather than forcing one path to fit.
Third-party credentials are stored as encrypted secrets, kept off the client entirely, and never given the same name as an environment variable to avoid value conflicts. Where the function reads or writes CRM or HubDB data, we provision a private app with only the scopes it actually needs.
We add validation, error handling and graceful failure for rate limits and upstream timeouts, then deploy and verify against real traffic. HubSpot retains execution logs for 90 days, so we use them to confirm behaviour in production and to support the function after launch.
Everything you need to know about our services
You need Content Hub Enterprise, which was previously called CMS Hub Enterprise. Serverless functions are not available on Content Hub Starter or Professional, so this is the one hard requirement. If you are not yet on Enterprise we will tell you that early, before any build work starts, so you can make an informed decision about upgrading.
Each function gets up to 10 seconds of execution time and 128MB of memory, the invocation payload is capped at 6MB, and the content type is application/json. At account level you can have up to 100 endpoints and 600 execution seconds per minute, beyond which requests return a 429. Functions run on the nodejs20.x runtime. We design within these constraints from the start, which is why scoping the work correctly matters more than raw effort.
Credentials such as API keys and private app access tokens are stored as encrypted secrets on HubSpot's infrastructure, and they never reach the browser. The whole point of a serverless function here is to act as a secure proxy so sensitive keys, tokens and logic stay server-side. We also keep any private app scopes limited to exactly what the function needs.
A simple, self-contained function can start from around £2,000, and that figure is indicative rather than fixed. We keep the entry point deliberately low because some functions genuinely are small, and we would rather do the small job well and earn a long-term relationship than price you out of it. The real cost depends on scope: how many endpoints, how complex the third-party integrations are, the data volumes involved, the amount of validation and error handling required, and whether your account is already on Content Hub Enterprise. Multi-endpoint or integration-heavy builds are larger engagements. We work to a fixed price wherever the scope allows, and we back it with our guarantee: delivered on time, or you get 20% back.
We are the software engineering firm for HubSpot customers, a HubSpot Diamond Partner and HubSpot Custom Integration Accredited, with an in-house engineering team and Cyber Essentials Plus certification. Our own website runs on React UI work and HubSpot serverless functions, so the capability is genuine and not theoretical. We write real Node.js, not no-code glue, and where it fits we deliver productised, customisable solutions you can run yourself, hosted on Railway.
Functions are intended to be fast and narrowly focused, and there is no documented way to raise the 10 second execution limit, so some requirements should not live inside a single function. When that is the case we tell you plainly and propose the right architecture, whether that is splitting the work across endpoints, moving heavier processing into a separate service, or combining functions with other parts of the HubSpot platform. Default to Build means building the right thing, not forcing the wrong tool to fit.
Decision-stage reading to help you scope the right approach.
A decision matrix for the three approaches, by use case, reliability and cost.
The limits, retries and maintenance debt teams underestimate when building it themselves.
