Vercel Cron Generator

Vercel Cron Jobs: scheduled serverless invocations the easy way

Vercel Cron Jobs is a platform feature, launched in May 2023, that periodically hits an HTTP endpoint on a schedule you declare in your project's vercel.json. Instead of provisioning a server with crontab, signing up for a SaaS like Cron-job.org, or wiring AWS EventBridge to a Lambda, you ship a serverless function and a few lines of config — Vercel takes care of the rest. The schedule fires at the declared instant in UTC (always UTC, no timezone awareness) and Vercel issues a regular HTTP GET against the path you specified.

This generator emits a ready-to-paste crons block. Below is a deep reference covering the JSON syntax, plan-tier limits, authentication patterns, sample handler code, common use cases, and how Vercel Cron stacks up against alternatives.

The vercel.json syntax

Cron jobs live in a top-level crons array. Each entry needs a path (the API route to invoke) and a schedule (a standard 5-field cron expression):

{
  "crons": [
    { "path": "/api/cleanup", "schedule": "0 3 * * *" },
    { "path": "/api/digest",  "schedule": "*/15 * * * *" }
  ]
}

The cron expression follows the canonical Unix form: minute hour day-of-month month day-of-week. Vercel does not support the seconds field, the Quartz year field, or Quartz wildcards like L/W/#. Vixie-cron special strings such as @hourly are accepted by some teams but not officially documented — prefer the explicit form.

Authenticating the request: the CRON_SECRET pattern

Cron-invoked endpoints are still public URLs. Without auth, anyone who guesses the route can trigger your cleanup job from a coffee shop. Vercel automatically sends an Authorization: Bearer <CRON_SECRET> header when you set an environment variable named exactly CRON_SECRET in your project. Verify it on the way in:

// app/api/cleanup/route.ts (Next.js App Router)
export async function GET(request: Request) {
  const auth = request.headers.get('authorization');
  if (auth !== `Bearer ${process.env.CRON_SECRET}`) {
    return new Response('Unauthorized', { status: 401 });
  }
  // ... do the work
  return Response.json({ success: true });
}

Generate the secret with openssl rand -hex 32 and store it in Vercel's encrypted env vars (Production + Preview). Rotate it like any other shared secret.

Plan tier limits

• Hobby (free): 2 cron jobs total per account, minimum interval of 1 invocation per day, function execution capped at 10 seconds.
• Pro: 40 cron jobs, minimum interval of 1 minute, function execution up to 60 seconds (or higher with Fluid Compute).
• Enterprise: customizable limits, dedicated SLA, audit logging through enterprise add-ons.

Cron invocations count toward your function execution and bandwidth quotas like any other request. Heavy nightly jobs can chew through the Hobby tier surprisingly fast — monitor the Vercel dashboard.

Common use cases

• Database hygiene: delete stale sessions, expired tokens, soft-deleted records past the retention window.
• Email digests: daily or weekly summaries assembled from the previous day's activity.
• OAuth token refresh: keep long-lived integrations alive by rotating tokens before they expire.
• Cache warming: pre-render expensive pages or pre-fetch third-party data before users arrive.
• Healthcheck pings: tickle an external monitoring URL (UptimeRobot, Better Stack) so it knows your scheduler is alive.
• Reports and analytics rollups: aggregate yesterday's events into daily summary tables.

Limitations and gotchas

• UTC only: no timezone configuration. To run "9 a.m. São Paulo time", set the schedule to 12:00 UTC (BRT is UTC-3) and remember DST is no longer observed in Brazil.
• No retry policy: if your handler returns 500, Vercel does not retry. Build idempotency in and log failures to Sentry or similar.
• No built-in logs: invocations appear in function logs alongside everything else. Pipe to Logtail, Better Stack, or Datadog for proper observability.
• Single execution at a time: long-running jobs can overlap if you push the schedule too tight; guard with a distributed lock (Redis, Upstash) for critical paths.

Alternatives if Vercel Cron does not fit

• GitHub Actions: free for public repos, 5-minute minimum interval, also UTC. Good when the schedule belongs to your build pipeline.
• Cloudflare Cron Triggers: nearly identical model to Vercel, runs Workers on schedule.
• AWS EventBridge + Lambda: most flexible, supports timezones via cron expressions with cron(0 12 * * ? *) syntax.
• Cron-job.org: free webhook-based service if you only need to hit a URL on a schedule and your app does not live on Vercel.
• Inngest, Trigger.dev: developer-friendly schedulers with retries, fan-out, and step functions baked in.

FAQ

Can I configure a non-UTC timezone? No — the schedule is always evaluated in UTC. Compute the UTC offset for your target timezone and bake it into the expression. Beware of daylight saving transitions that shift the offset twice a year.

Is Vercel Cron free? The Hobby plan gives you 2 cron jobs at no cost, capped at one invocation per day. Anything beyond that requires Pro ($20/month per member) or Enterprise.

Does this replace Cron-job.org for my use case? Often yes — if your job already lives as a Vercel function, keeping the scheduler inside Vercel removes one moving part. If you orchestrate jobs that live on multiple hosts, an external scheduler is still simpler.

How do I test a cron locally? Vercel does not execute crons in local dev. Hit the endpoint manually with curl -H "Authorization: Bearer $CRON_SECRET" http://localhost:3000/api/cleanup or use a tool like node-cron in a dev script.

What happens if my function takes longer than the timeout? The request is killed, the job is marked failed, no retry. Break long jobs into smaller chunks (paginate, queue with QStash/Inngest) or upgrade to Pro/Enterprise for higher timeouts.