http4k
Functional toolkit for HTTP in Kotlin. http4k models HTTP as pure functions: HttpHandler = (Request) -> Response. No magic, no reflection, no annotations — just Kotlin functions. Both server and client implementations use the same interface, enabling in-memory testing without starting a server. Extremely testable by design. Supports multiple backends (Jetty, Netty, Undertow, AWS Lambda) with the same handler code.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Pure functional model reduces side-effect attack surface. Immutable request/response prevents mutation attacks. No reflection reduces attack surface. Community-maintained.
⚡ Reliability
Best When
You want maximum testability and functional purity in Kotlin HTTP code — http4k's in-memory testing and pure function model eliminate testing overhead.
Avoid When
You need Spring ecosystem libraries or your team prefers annotation-based MVC patterns — http4k's functional model is a paradigm shift.
Use Cases
- • Build agent HTTP handlers as pure Kotlin functions — easy to test, compose, and reason about without framework magic
- • Test agent HTTP interactions in-memory without starting a server — http4k's in-process client runs handlers locally for fast, zero-overhead tests
- • Deploy agent services to AWS Lambda using http4k's Lambda adapter — same handler code, different backend binding
- • Compose agent middleware (auth, logging, rate limiting) as Filter functions that wrap HttpHandler — clean functional composition
- • Generate type-safe HTTP clients from OpenAPI specs using http4k's connect toolkit for agent-to-service communication
Not For
- • Teams wanting annotation-based MVC or Spring-style controllers — http4k is deliberately different; Spring Boot is better for annotation-familiar teams
- • Projects requiring Spring ecosystem (JPA, Spring Data, Spring Security) — http4k has no Spring integration
- • Developers new to functional programming — http4k's pure function model requires FP thinking; more approachable frameworks exist for FP newcomers
Interface
Authentication
Auth implemented as Filter functions. No built-in auth module — compose authentication as filter middleware. Clean functional approach to auth injection.
Pricing
Community-maintained open source. Apache 2.0 license.
Agent Metadata
Known Gotchas
- ⚠ http4k Request and Response are immutable — modifying a request requires creating a new one (request.with(Header.ACCEPT of ContentType.APPLICATION_JSON)); mutation methods return new objects
- ⚠ The same HttpHandler interface serves both server and client roles — this is powerful but confusing initially; test clients, server handlers, and reverse proxies all implement HttpHandler
- ⚠ http4k's routing uses path()/bind() DSL which requires importing the right infix functions — missing imports cause 'Unresolved reference' for operators like '/' and 'bind'
- ⚠ Lens extraction throws LensFailure (not null) when a required parameter is missing — agents must handle LensFailure or use optional lenses for nullable parameters
- ⚠ Streaming bodies in http4k are consumed once — reading body.stream() twice throws an error; use body.payload for repeated access
- ⚠ AWS Lambda deployment requires replacing the backend dependency (http4k-serverless-lambda) while keeping handler code unchanged — forgetting to swap dependencies causes server startup behavior in Lambda
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for http4k.
Scores are editorial opinions as of 2026-03-06.