DEV Community

Cover image for Hono.js Tutorial: REST API with Zod, JWT & Cloudflare Workers
Dev Encyclopedia
Dev Encyclopedia

Posted on • Originally published at devencyclopedia.com

Hono.js Tutorial: REST API with Zod, JWT & Cloudflare Workers

#hono #cloudflarechallenge #typescript #webdev

Hono is a web framework built on the Web Fetch API, which means the same router and middleware run unchanged on Cloudflare Workers, Bun, Deno, Node.js, and AWS Lambda. It's small (around 14KB), has zero dependencies, and ships with first-class TypeScript support including full type inference for route params, query strings, and validated request bodies. Cloudflare uses it internally for parts of its own product surface.

That combination matters in 2026: edge runtimes are now the default target for new APIs, and Hono treats "runs everywhere" as a core design goal rather than an afterthought.

I wrote a full walkthrough that builds a real REST API from scratch, and this post covers what's inside it.

What the guide builds

The tutorial goes from npm create hono@latest to a deployed, validated, JWT-protected API on Cloudflare's edge network. It covers:

  1. Project setup with create-hono picking the cloudflare-workers template and understanding the context object (c) that every handler receives.
  2. Your first routes handling path params, query strings, and JSON bodies with c.req.param(), c.req.query(), and await c.req.json().
  3. Middleware built-in logger(), cors(), and timing(), plus writing your own with the c, next shape and route-level scoping like app.use('/api/*', cors()).
  4. Input validation with Zod using @hono/zod-validator to parse and type request bodies in one step, with automatic 400 responses on failure.
  5. JWT authentication using the built-in hono/jwt middleware to sign tokens and protect routes, reading secrets from c.env rather than hardcoding them.
  6. Organizing a real API with app.route() splitting users, posts, and comments into separate sub-apps that each keep their own routes and middleware.
  7. Deploying to Cloudflare Workers with wrangler deploy, configuring wrangler.toml, and storing secrets encrypted via wrangler secret put.
  8. Deploying to Node.js instead swapping only the entry point with @hono/node-server, leaving every route and validator untouched.
  9. Hono vs Express an honest comparison of bundle size, TypeScript support, edge runtime support, and when each one is the right default.

The short version 

npm create hono@latest my-api
# pick the cloudflare-workers template
cd my-api && npm install && npm run dev
Enter fullscreen mode Exit fullscreen mode

A minimal app looks like this:

import { Hono } from 'hono'

const app = new Hono()

app.get('/', (c) => {
  return c.json({ message: 'Hello Hono!' })
})

export default app
Enter fullscreen mode Exit fullscreen mode

The same app object you build runs unchanged on Node.js if you need that flexibility later. Only the entry point changes, never the routes, middleware, or validators.

Read the full tutorial

The complete guide has working code for every step, a Hono vs Express comparison table, and an FAQ covering performance, Node.js support, and Zod validation behavior:

👉 Hono.js Tutorial: REST API with Zod, JWT & Cloudflare Workers

If you're building something new for the edge in 2026, Hono is worth a serious look.

Top comments (0)