External URLs

When a function has .ingress("public"), Alien creates an HTTPS endpoint for it.

Alien creates the infrastructure — the customer's network controls who can reach it. Depending on how the customer configures their environment, the same endpoint could be:

• On the public internet — for receiving webhooks from SaaS services like GitHub, Stripe, or Slack
• Available only to employees — behind a VPN or private DNS (tool.corp.internal), for dashboards and admin interfaces
• Available only to other services — as an internal API that other services in the customer's environment call over HTTP

What Gets Created

Each platform sets up the endpoint differently:

Getting the URL

From the manager API:

GET /v1/deployments/:id/info

Returns publicUrl per resource in the response.

From inside the function — e.g. to return its own URL or pass it to another service:

import { func } from "@alienplatform/sdk"

const api = await func("api")
const url = await api.getUrl()  // undefined if no external URL

let api = ctx.bindings().load_function("api").await?;
let url = api.get_function_url().await?;  // None if no external URL

Use Cases

• AI APIs — expose an inference endpoint in the customer's cloud that your control plane calls
• Webhooks — receive callbacks from third-party services (Stripe, GitHub, Slack)
• Internal tools — customer employees access dashboards or admin interfaces
• Microservices — other services in the customer's environment call your function over HTTP

Custom Domains

Customers can use their own domain and TLS certificate instead of the auto-generated cloud URL. This is configured per-deployment via stack settings:

{
  "domains": {
    "customDomains": {
      "api": {
        "domain": "api.corp.megacorp.internal",
        "certificate": {
          "aws": { "certificateArn": "arn:aws:acm:us-east-1:..." }
        }
      }
    }
  }
}

Platform-specific certificate references:

Alien handles certificate import and load balancer configuration. The customer manages DNS.