One option is to integrate APIM with a VNET and enable App Service Service Endpoints. From there on the app service you can under the Networking blade enable access restrictions only allowing connections from the APIM subnet. The doc below shows an example using app gateway but the setup will be similar for APIM.
How to secure Azure App service ?
Hi,
We have Azure App Service configured in Azure API gateway as a API Backend HTTPs endpoint.
We want to secure those App services so that it can only be accessible via Azure API gateway not directly via browser.
Please advise the approach for this.
-
Jeremy Brooks 572 Reputation points Microsoft Employee
2022-01-14T05:28:49.893+00:00
1 additional answer
Sort by: Most helpful
-
msrini-MSFT 9,261 Reputation points Microsoft Employee
2022-01-13T08:06:00.827+00:00 You can have Application Gateway infront of App Service or APIM to secure your API.
Doc: https://learn.microsoft.com/en-us/azure/app-service/environment/integrate-with-application-gateway
For APIM: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgatewayRegards,
Karthik Srinivas