Hello john john
To prevent external users from using your Azure Function, you have several options to consider and implement:
- Authentication and authorization for your function app, using Azure Active Directory, OAuth 2.0, or other identity providers. This way, only authorized users can access the function app and use the secure API key.
- Configure your Azure Function to only allow requests from specific IP addresses or to require a valid token in each request. Also use IP address filtering and other security measures to protect your Azure Function from abuse.
- Function Access Keys
  Key comparison: https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4#keys-comparison
  Authorization scopes (function-level):
  - Function: These keys apply only to the specific functions under which they're defined. When used as an API key, these only allow access to that function.
  - Host: Keys with a host scope can be used to access all functions within the function app. When used as an API key, these allow access to any function within the function app.
- Use Azure API Management (APIM) to authenticate requests
Overall, implementing a comprehensive security strategy for your Azure Function app is essential to protect your data and prevent unauthorized access.
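As an added example (not part of the original answer), the following script audits the `authLevel` of every HTTP trigger in a function app, to show which functions are gated by the access keys described above and which are callable without one. It assumes the `function.json` binding model; the function names and file contents are constructed samples.

```python
import json

# What each documented authLevel value requires on the request.
REQUIRED_KEY = {
    "anonymous": "no key",
    "function": "a function key for this function, or a host key",
    "admin": "the master key",
}

# Constructed function.json contents, keyed by a hypothetical function name.
SAMPLES = {
    "GetReport": '{"bindings": [{"type": "httpTrigger", "direction": "in",'
                 ' "name": "req", "authLevel": "anonymous", "methods": ["get"]},'
                 ' {"type": "http", "direction": "out", "name": "$return"}]}',
    "PostOrder": '{"bindings": [{"type": "httpTrigger", "direction": "in",'
                 ' "name": "req", "authLevel": "function", "methods": ["post"]}]}',
    "Cleanup":   '{"bindings": [{"type": "timerTrigger", "direction": "in",'
                 ' "name": "timer", "schedule": "0 0 3 * * *"}]}',
    "Legacy":    '{"bindings": [{"type": "httpTrigger", "direction": "in",'
                 ' "name": "req"}]}',
}

def audit(function_name, function_json_text):
    """Return (function, authLevel, verdict) for each HTTP trigger binding."""
    findings = []
    for binding in json.loads(function_json_text).get("bindings", []):
        if binding.get("type", "").lower() != "httptrigger":
            continue  # timers, queues and output bindings are not HTTP entry points
        level = binding.get("authLevel")
        if level is None:
            # Assumption of this example: an unset level is flagged, not trusted.
            verdict = "REVIEW: authLevel not set explicitly"
        elif level.lower() == "anonymous":
            verdict = "OPEN: callable without any key"
        elif level.lower() in REQUIRED_KEY:
            verdict = "OK: requires " + REQUIRED_KEY[level.lower()]
        else:
            verdict = "REVIEW: unknown authLevel value"
        findings.append((function_name, level, verdict))
    return findings

def audit_app(functions):
    """Audit every function in a {name: function.json text} mapping."""
    return [row for name, text in functions.items() for row in audit(name, text)]

if __name__ == "__main__":
    for name, level, verdict in audit_app(SAMPLES):
        print(f"{name:10} authLevel={level!s:10} {verdict}")
```

An `anonymous` trigger is only acceptable when another layer, such as the authentication or APIM options listed above, is what actually authenticates the caller.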