Azure Static Web Apps use a content delivery network (CDN) to cache and serve content, so the IP address of your Static Web App is not fixed and can change. Using an IP filter for your Azure API Management Service is not a viable solution in this case. Instead, you can implement an authentication mechanism to secure your API and allow only your Azure Static Web App to access it. One common approach is to use API keys for authentication. API Management Service instance > Subscriptions > API Management > Primary key > In your Azure Static Web App, add the subscription key to your API requests. You can include it in the request header as follows
fetch('https://your-api-management-instance.azure-api.net/your-api-endpoint', {
headers: {
'Ocp-Apim-Subscription-Key': 'your-primary-key'
}
})