Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
@Paris Perlegkas did you resolve you issue? were you able to get the endpoint api/GetRoles work?
Azure Static Web Apps linked Function App not routing /api/* (SWA returns platform 404 when trying to sign in with CIAM External ID user)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 86%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Paris Perlegkas
85
Reputation points
We use Microsoft Entra External ID (CIAM) via a custom OpenID Connect provider (aadb2c) in Azure Static Web Apps authentication, with rolesSource configured to POST /api/GetRoles.
Issue:
Production sign-in fails with ERR_TOO_MANY_REDIRECTS. We traced it to rolesSource not being reachable through SWA because SWA is not routing /api/* to the linked Function App backend. Any request to /api/* returns the Azure Static Web Apps 404 Not Found HTML page, indicating the request is not forwarded to the backend.
Symptoms / Repro steps:
- Call the Function App endpoint directly:
- POST https://<functionapp-default-domain>/api/GetRoles with body {}
- Result: HTTP/1.1 200 OK and JSON: {"roles":[]}
This confirms the function exists and works.
- Call the same endpoint through the SWA domain:
- Result: HTTP/1.1 404 Not Found and the Azure Static Web Apps - 404 HTML page.
- Call through the default SWA hostname:
- POST https://<swa>.azurestaticapps.net/api/GetRoles with body {}
- Result: same SWA 404 HTML page.
- Static Web App portal shows the backend is linked
Impact:
- SWA auth cannot complete because rolesSource: /api/GetRoles is unreachable, leading to repeated redirects during sign-in.
- No Function App logs appear for GetRoles when testing via SWA because the request never reaches the Function App.
Environment / configuration:
- Static Web App: Standard tier, with custom domain (shows 'Ready' in SWA).
- Linked backend: Azure Function App
- Function App hosting plan: Flex Consumption.
- Function App default domain format: <app name>-<suffix>.westeurope-01.azurewebsites.net.
- staticwebapp.config.json includes:
- auth.rolesSource = "/api/GetRoles"
- /api/* requires authenticated
- /.auth/* allowed anonymous
- CI/CD workflow sets api_location: "" (we are using linked backend, not integrated SWA APIs).
Question for support:
Microsoft documentation for SWA APIs/Functions lists supported Function App hosting plans for APIs as Consumption/Premium/Dedicated (Flex Consumption is not mentioned).
- Can someone confirm whether Flex Consumption Function Apps are supported as a linked backend for Azure Static Web Apps /api/* routing and rolesSource?
- If Flex Consumption is not supported, why would it have worked until a couple of days ago with the same SWA and same Function App plan? and which plan should I select to in its place?
- If it is supposed to be supported, can you help/ investigate why SWA is not forwarding /api/* to the linked backend (despite showing as linked in portal) and returns SWA platform 404?
Requested outcome:
- Restore /api/* routing from SWA to the linked Function App, so POST /api/GetRoles works via SWA domain and sign-in no longer loops.
- Clarify official support/compatibility for SWA linked backends with Azure Functions Flex Consumption.
Azure Static Web Apps
4 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 53%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEY%3C/text%3E%3C/svg%3E)
Emily Yang 0 Reputation points2026-01-27T18:26:18.7633333+00:00 I have the same issue as the post. I'm using External Entra tenant, static web app, linked to bring-your-own azure function, and api/GetRoles to return the role assignment.
I have another api endpoint which is reachable by static web app via /api/test_api. It's hosted under the same Azure function, but the api/GetRoles endpoint is not called at all during the static web app sign in process. I don't see any errors in browser network or console, the Azure function logging shows no invocation for api/GetRoles.
I'm very stuck with this whole infra. Any help?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 36%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Shree Hima Bindu Maganti 7,420 Reputation points Microsoft External Staff Moderator2026-01-29T13:24:28.81+00:00 Hi @Emily Yang
The main difference is that /api/GetRoles isn’t called like a regular API endpoint, even though it’s in the same Function App. When used as rolesSource, Azure Static Web Apps calls it internally during authentication, not from the browser, and only under specific conditions. The endpoint needs to allow anonymous access, accept a POST request at the exact path set in staticwebapp.config.json, and not be restricted by authentication route rules (unlike /api/test_api, which is triggered after sign-in). If /api/GetRoles is protected by allowedRoles, SWA skips it without showing browser errors or Function logs. Also, if your Function App uses Flex Consumption, SWA won’t forward rolesSource calls, although other /api/* routes might still work. To fix this, make sure /api/GetRoles allows anonymous access in the config and that the Function App is on a supported plan (Consumption or Premium). Once these are set, you should see Function invocations during sign-in.
Let me know if you have any further assistances needed.
Sign in to comment -
-
Shree Hima Bindu Maganti 7,420 Reputation points Microsoft External Staff Moderator
2026-01-20T09:30:00.3866667+00:00 Hi @Paris Perlegkas
It seems like you're having trouble with your Azure Static Web App not routing API requests to your Azure Function App.Make sure your staticwebapp.config.json is set up properly. Since /api/* requires authentication, confirm your route rules allow access.
{ "routes": [ { "route": "/api/*", "allowedRoles": ["authenticated"] } ] }If your function works directly but not through the Static Web App, check the authentication settings on your Function App. Sometimes these settings can prevent requests from being routed correctly.
In the Azure portal, verify that your Static Web App is linked to the right Function App without any errors under the "APIs" section.
The Flex Consumption plan isn’t specifically listed as compatible with Azure Static Web Apps linked backends. If it worked before, there might have been a configuration change. You might want to try the standard Consumption or Premium plan instead.
Create a simple test function like /api/test that returns a basic JSON response. This can help you see if the Static Web App can access any function in your linked Function App.
https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-authorization?tabs=invitations
https://learn.microsoft.com/en-us/azure/static-web-apps/apis-overview?wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider
Let me know if you have any further assistances needed.-
Emily Yang 0 Reputation points
2026-01-27T18:31:14.26+00:00 I have the test api work, but api/GetRoles still does not work, please see my comments below and help me!
Sign in to comment -
-
AI answer
2026-01-18T22:16:15.5466667+00:00 The issue you're experiencing with Azure Static Web Apps (SWA) not routing
/api/*requests to your linked Azure Function App could be related to the configuration of your SWA and the specifics of the Function App hosting plan.- Flex Consumption Plan: As per the current documentation, Azure Static Web Apps supports linking to Azure Function Apps that are on Consumption, Premium, or Dedicated plans. The Flex Consumption plan is not explicitly mentioned, which raises questions about its compatibility as a linked backend for SWA. If it was working previously, it could be due to changes in the service or configuration that are now affecting the routing.
- Configuration Check: Ensure that your
staticwebapp.config.jsonis correctly configured to route/api/*requests to the linked Function App. Theapi_locationshould be set to an empty string ("") when using a linked backend, which you mentioned is already done. Additionally, verify that the Function App is indeed linked correctly in the Azure portal. - Troubleshooting Steps: Since the requests to
/api/*are returning a 404 error, it may be useful to check the following:- Confirm that the Function App is running and accessible directly, which you have done.
- Check if there are any recent changes in the Azure environment or your configuration that could have affected the routing.
- Review the logs in the Azure portal for any errors or indications that requests are being blocked or misrouted.
- Support and Compatibility: For official confirmation regarding the support of Flex Consumption Function Apps as linked backends, you may need to reach out to Microsoft support directly. They can provide the most accurate and updated information regarding service compatibility and any potential issues.
To resolve the routing issue, you may need to ensure that the Function App is configured correctly and that there are no restrictions preventing the SWA from accessing it. If the problem persists, contacting Azure support would be advisable for further investigation.
References:
AI-generated content may be incorrect. Read our transparency notes for more information.