Hello Simbarashe Kowo (Platinum Life)
Your configuration is one of the supported scenarios as Static Web App has option 'bring your own functions' feature that requires the functions to not have IP restrictions.
If securing your functions behind a private endpoint, Static Web App won't have access to it.
Also consider Security constraints
Authentication and authorization: If authentication and authorization policies aren't already set up on your existing Functions app, then the static web app has exclusive access to the API. To make your Functions app accessible to other applications, add another identity provider or change the security settings to allow unauthenticated access.
Note
If you enable authentication and authorization in your linked Functions app, it must use Azure App Service Authentication and authorization provider version 2.
Required public accessibility: An existing Functions app needs to not apply the following security configurations.
- Restricting the IP address of the Functions app.
- Restricting traffic through private link or service endpoints.
You may also consider following Azure services to make secure connection from Static Web App to Azure Function:
- API Management
- Application Gateway