The examples we've seen up until now created functions available on a public endpoint, and required no authentication or authorization. If your function accesses protected data, it is paramount to secure the function endpoint.
By default, all the function endpoints on a default domain (a subdomain of azurewebsites.net) provided by Azure use HTTPS, combining HTTP protocol with Transport Layer Security (TLS) encryption (still commonly referred to as the older protocol name, SSL), so that the data transferred to and from the function cannot be "sniffed" over the internet connection. TLS, in combination with endpoint authorization (function keys), helps ensure that your function can only be triggered by authorized users. ...