Hi Carlos,
Just to clarify, "APIM is on a private virtual network" means that APIM is deployed inside (injected into) a vnet [Outbound]. This helps to connect to your internal services from APIM:
APIM CALLS --(virtual network injection)--> your services on virtual network
Now going to your new requirement and question: your services in this vnet can connect privately to your APIM through a Private Endpoint connection [Inbound] on your APIM.
Your services in vnet --(Private Endpoint)--> APIM
I share the guide on how to do it: https://learn.microsoft.com/en-us/azure/api-management/private-endpoint
Additionally, the new firewall in front of your APIM won't be a problem for all your services connected on the vnet with the private endpoint. It also isn't required to target the private IP; with the private endpoint you will resolve the DNS name internally to this private IP of APIM.
On the other hand, services not connected to the vnet will need to be added to the whitelist of this firewall. It's also a recommendation to restrict the IP callers in APIM for this inbound access to your APIs:
https://learn.microsoft.com/en-us/azure/api-management/ip-filter-policy
I hope this helps you.
Cheers,
Luis Arias
If the information helped address your question, please Accept the answer.
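
The answer above says that, with the private endpoint, services in the vnet resolve the APIM DNS name to its private IP. The following check is an added example, not part of the original answer: run from a machine in the vnet, it confirms that the gateway hostname resolves only to addresses inside the private endpoint's subnet. The hostname `contoso.azure-api.net` and the subnet `10.0.1.0/24` are constructed placeholders.

```python
import ipaddress
import socket
import sys


def classify(addresses, pe_subnet):
    """'private' if every IP is inside pe_subnet, 'public' if none, else 'mixed'."""
    if not addresses:
        raise ValueError("no addresses to classify")
    net = ipaddress.ip_network(pe_subnet)
    inside = {ipaddress.ip_address(a) in net for a in addresses}
    if inside == {True}:
        return "private"
    return "public" if inside == {False} else "mixed"


def resolve(hostname, port=443):
    """Resolve with the system resolver; return sorted unique IP strings."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_gateway(hostname, pe_subnet, resolver=resolve):
    """Report where this machine's DNS sends traffic for the APIM hostname."""
    try:
        addresses = resolver(hostname)
    except socket.gaierror as exc:
        return {"status": "unresolved", "addresses": [], "detail": str(exc)}
    return {"status": classify(addresses, pe_subnet), "addresses": addresses}


if __name__ == "__main__":
    # Placeholders (assumptions): replace with your gateway hostname and the
    # subnet that holds the private endpoint.
    host = sys.argv[1] if len(sys.argv) > 1 else "contoso.azure-api.net"
    subnet = sys.argv[2] if len(sys.argv) > 2 else "10.0.1.0/24"
    result = check_gateway(host, subnet)
    print(host, result)
    sys.exit(0 if result["status"] == "private" else 1)
```

A `public` or `mixed` result means that at least some calls from that machine would not go through the private endpoint, so the vnet's DNS configuration for the APIM hostname needs review.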