http4s
Minimal, purely functional HTTP library for Scala that provides both server (http4s-ember-server, http4s-blaze-server) and client (http4s-ember-client) implementations. HTTP requests and responses are modeled as pure data types with fs2 streaming bodies. Routes are PartialFunction[Request[F], F[Response[F]]] composable values — no reflection, no annotations. Part of the Typelevel ecosystem alongside Cats Effect and Doobie.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS via ember-server SSL configuration. No auth built-in — middleware responsibility. Pure functional design prevents implicit side effects. No reflection = no deserialization gadget attacks.
⚡ Reliability
Best When
You're building Typelevel Scala microservices that integrate with Doobie, fs2, and Cats Effect and want a purely functional HTTP layer with streaming and type safety.
Avoid When
You need a batteries-included framework with routing conventions, ORM, and built-in auth — use Play Framework or Akka HTTP for a more complete web framework in Scala.
Use Cases
- • Build purely functional HTTP APIs for Scala agent backends using http4s routes defined as composable case-match expressions
- • Make HTTP client requests in Cats Effect agent services using http4s EmberClient with streaming response body handling
- • Stream large agent data responses using fs2 Stream integration — handle GB-scale JSON responses without loading into memory
- • Implement HTTP middleware (auth, logging, rate limiting) as HttpRoutes → HttpRoutes functions that compose cleanly
- • Build microservices with http4s for type-safe request/response handling where compiler enforces proper effect handling
Not For
- • Teams new to functional Scala — http4s's F[_] abstraction and effect system require Cats Effect familiarity
- • CRUD apps where Ruby on Rails or Django conventions are preferred — http4s has no scaffolding, no ORM conventions
- • Java interop-heavy teams — http4s is idiomatic Scala; use Spring WebFlux for teams wanting familiar Java Spring conventions in JVM
Interface
Authentication
http4s provides no auth. Authentication implemented as HttpRoutes middleware — check Authorization header and return 401 before passing to route. TSec and http4s-jwt-auth libraries add JWT auth.
Pricing
http4s is Apache 2.0 licensed and maintained by the Typelevel organization. Free for all use.
Agent Metadata
Known Gotchas
- ⚠ Routes are PartialFunction — unmatched routes return 404 automatically, but defining routes with complex guards may silently fall through to 404 without obvious debug output
- ⚠ Request body can only be decoded once — http4s bodies are fs2 Streams; consuming the body (req.as[Json]) depletes the stream; cannot read the body twice; cache decoded result
- ⚠ http4s version must match Cats Effect and fs2 versions — the ecosystem has tight version coupling; use the http4s version catalog or Bill of Materials to avoid dependency conflicts
- ⚠ EmberClient has a connection pool configured via EmberClientBuilder — the default pool is small (max connections: 10); agent services making many concurrent outbound requests must configure maxTotalConnections
- ⚠ Response body must be consumed — http4s client responses have connection-backed bodies; not consuming the body (even on error) holds the connection; always use .use or .flatMap to consume
- ⚠ Middleware ordering matters — AuthMiddleware applied after compression middleware sees compressed request bodies; apply decoding middleware before authentication to access decoded request
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for http4s.
Scores are editorial opinions as of 2026-03-06.