HTTP Request Trigger

Use ASP.NET Core to expose endpoints that receive input, enrich with DI-backed services, and invoke SK functions.

When to use

• Interactive APIs, UX callbacks, synchronous responses.
• Low-latency orchestration that may call downstream services via SK plugins/functions.

Minimal API example (C#)

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddHttpClient();
// Register SK and your plugins
// builder.Services.AddSingleton<Kernel>(...);

var app = builder.Build();

app.MapPost("/summarize", async (SummaryRequest req, Kernel kernel) =>
{
    var summarize = kernel.CreateFunctionFromPrompt(
        """
        Summarize in one sentence:\n{{$input}}
        """,
        "summarize");

    var result = await kernel.InvokeAsync(summarize, new() { ["input"] = req.Text });
    return Results.Ok(new { summary = result.ToString() });
});

app.Run();

record SummaryRequest(string Text);

Auth, throttling, and resiliency

• AuthN/Z: JWT bearer, OAuth2, or API keys; prefer .RequireAuthorization() policies.
• Throttling: ASP.NET Core rate limiter middleware; respond with 429 and Retry-After.
• Downstream resiliency: IHttpClientFactory + Polly policies; timeouts are mandatory.

Hosting

• Kestrel behind reverse proxy (nginx/IIS) or inside a container.
• Windows: IIS with ASP.NET Core Module. Linux: systemd service or container.

Pros / Cons

• Pros: Simple, scalable, observable; great integration surface.
• Cons: Public exposure increases security surface; ensure DDoS protections and input validation.