Are Callable Cloud Functions better than HTTP functions?

With the latest Firebase Update callable functions were introduced. My question is whether this new way is faster than the "old" http triggers and if it is more secure.

I have no expertise in this field, but I think the HTTP vs HTTPS might make a difference.

This is interesting to me because if the callable functions are faster, they have that advantage, but their disadvantage lies in the nature of flexibility: They cannot be reached by other sources.

If the callable functions have no advantages in terms of speed or security I do not see a reason to switch it up.

Callable functions are exactly the same as HTTP functions, except the provided SDKs are doing some extra work for you that you don't have to do. This includes, on the client:

1. Handling CORS with the request (for web clients)
2. Sending the authenticated user's token
3. Sending the device instance id
4. Serializing an input object that you pass on the client
5. Deserializing the response object in the client

And on the backend in the function:

1. Validating the user token and providing a user object from that
2. Deserializing the input object in the function
3. Serializing the response object in the function

This is all stated in the documentation. If you are OK with doing all this work yourself, then don't use callables. If you want this work done automatically, then callables are helpful.

If you need direct control over the details of the HTTP protocol (method, headers, content body), then don't use a callable, because it will hide all these details.

There are no security advantages to using callables. There are no speed improvements.