Share via

Access API from another subscription

Saha 0 Reputation points
2023-07-11T04:55:26.1533333+00:00

Hi Experts,

I have 2 azure subscriptions A and B. In Subscription A, I am using Azure ML service and create the Rest API for my AI model, deploy it using AKS, then use APIM which can publish, secure, transform, maintain, and monitor APIs.

If users from subscription B wants to use API (through their applications, scripts etc.) how can they use it?

Q1. Can the applications in subscription B, directly talk to APIM?

Q2. In my architecture, do I need to add any other azure service after APIM, so that applications from subscription B, will be able to use the rest APIs from subscription-A?

My architecture is as below:

[sub A :Synapse analytics-> Azure ML (create Rest API)-> AKS (deploy API) & ACR-> APIM ] <- subB

Please suggest if any other services are missing from this.

Note: I can optionally add a application load balancer after APIM which can help for faster response.

similarly azure monitor can be used for logging or monitoring etc.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,446 questions
Azure Machine Learning
Azure Machine Learning
An Azure machine learning service for building and deploying models.
3,332 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. MuthuKumaranMurugaachari-MSFT 22,441 Reputation points Moderator
    2023-07-11T19:52:16.3733333+00:00

    Saha Thanks for posting your question in Microsoft Q&A. Based on the description, you have resources such as ML backend APIs in AKS clusters and APIM acts as front-end deployed in subscription A and would like the users in another subscription B to access it.

    Yes, the users can access APIM endpoint directly from any subscription in azure (same or different tenant) or outside azure as well. This depends on how the APIM is configured in relates to networking, access restrictions or authentication via azure AD or other identity providers etc.

    1. Is APIM in public, external or internal VNET mode or configured a private endpoint? Check out https://learn.microsoft.com/en-us/azure/api-management/virtual-network-concepts?tabs=stv2 doc to know more about networking options.
    2. How is authentication and authorization configured for APIM? Refer https://learn.microsoft.com/en-us/azure/api-management/authentication-authorization-overview for few scenarios and make sure the users in subscription B have proper permissions to access APIs in APIM and subscription to product or API (subscription key). This doc https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad will help you get started.

    I hope this helps and let me know if any questions.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.