How to enable some API public or some of the API private using private endpoints in Azure APIM management

Dushanta Jagat Kunwar/RGI/IT 0 Reputation points
2024-08-23T13:09:29.0933333+00:00

Hi MS Team,

We want to expose some of the APIs through private endpoints and some of the APIs without private endpoints (public) in a single APIM instance.

For example:

We have one APIM instance with 100 APIs on it. Out of the 100 APIs, 5 APIs need to be accessed privately and the remaining 95 APIs need to be accessed publicly.

Thank you

Dushant

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

2 answers

  1. Deepanshukatara-6769 10,210 Reputation points
    2024-08-23T13:12:58.57+00:00

    Hello Dushanta, Welcome to MS Q&A

    To expose some APIs through private endpoints and others publicly in a single Azure API Management (APIM) instance, you can use API Management policies and configurations. Here are two approaches:

    Using API Management Policies:

    • Create Separate Products: Create two separate products in your APIM instance, one for private APIs and one for public APIs.
    • Apply IP Filter Policy: Use the IP filter policy to restrict access to the private APIs to a specific set of IP addresses, while leaving the public APIs open to all clients.

    Using Multi-Tenant Feature:

    • Create Separate Environments: Utilize API Management's multi-tenant feature to create separate environments for private and public APIs. Each environment can have its own set of APIs, policies, and users, and can be accessed through a different URL.


    References:

    These references provide detailed guidance on configuring your APIM instance to achieve the desired setup.

    Please let me know if you have any further questions.

    Kindly accept the answer if it helps.

    Thanks

    Deepanshu
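
The IP filter approach mentioned in the answer above can be audited across exported API policies. The following is an added example, not code from either answer or from Microsoft: it parses a policy document and confirms that an `ip-filter` allow list exists and stays inside an approved range. The policy samples, the 10.20.x.x addresses and the function names are constructed for illustration, and it assumes the exported policy is well-formed XML with the filter placed directly under `<inbound>`.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample: API-scope policy for one of the privately accessed APIs.
PRIVATE_API_POLICY = """
<policies>
  <inbound>
    <base />
    <ip-filter action="allow">
      <address>10.20.1.4</address>
      <address-range from="10.20.0.0" to="10.20.0.255" />
    </ip-filter>
  </inbound>
  <backend><base /></backend>
  <outbound><base /></outbound>
  <on-error><base /></on-error>
</policies>
"""

# Constructed sample: no IP restriction, as on the publicly accessed APIs.
PUBLIC_API_POLICY = """
<policies>
  <inbound><base /></inbound>
  <backend><base /></backend>
  <outbound><base /></outbound>
  <on-error><base /></on-error>
</policies>
"""

def allowed_networks(policy_xml):
    """Networks admitted by ip-filter action="allow" directly under <inbound>."""
    nets = []
    root = ET.fromstring(policy_xml)
    for flt in root.findall("./inbound/ip-filter[@action='allow']"):
        for addr in flt.findall("address"):
            nets.append(ipaddress.ip_network(addr.text.strip()))
        for rng in flt.findall("address-range"):
            lo, hi = (ipaddress.ip_address(rng.get(k)) for k in ("from", "to"))
            nets.extend(ipaddress.summarize_address_range(lo, hi))
    return nets

def is_restricted_to(policy_xml, approved_cidrs):
    """True only if an allow filter exists and every entry lies in an approved CIDR."""
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    nets = allowed_networks(policy_xml)
    return bool(nets) and all(any(n.subnet_of(a) for a in approved) for n in nets)

if __name__ == "__main__":
    for pol in (PRIVATE_API_POLICY, PUBLIC_API_POLICY):
        print(is_restricted_to(pol, ["10.20.0.0/16"]))  # assumed private client range
```

A filter applied at product or global scope, or nested inside a conditional policy, is not seen by this check and needs to be reviewed separately.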


  2. Ryan Hill 28,386 Reputation points Microsoft Employee
    2024-08-27T21:31:15.0533333+00:00

    Hi @Dushanta Jagat Kunwar/RGI/IT

    You can look at VNet integration to configure your API Management instance with both private and public endpoints. Using a virtual network can secure the inbound or outbound traffic by injecting the API Management instance into a subnet of the virtual network and enabling the gateway to access the resources within the network. For a step-by-step guide, see Connect API Management instance to a private network | Microsoft Learn.

    • Navigate to your API Management instance in the Azure portal.
    • In the left-hand menu, select "Network".
    • Choose the option to integrate with a virtual network. You can select either an internal or external virtual network based on your requirements.
    • In the "Network" section of your API Management instance, select "Inbound private endpoint connections" and click on "+ Add endpoint".
    • Fill in the required details such as subscription, resource group, and instance details.
    • Create a private endpoint within the virtual network. This will allow internal clients within the virtual network to access your APIs securely.
    • Ensure that the DNS settings are correctly configured to resolve the private endpoint within the virtual network.
    • You may need to set up Azure Private DNS zones or configure your on-premises DNS servers to resolve the private endpoint.

    You can also refer to Set up inbound private endpoint for Azure API Management | Microsoft Learn.
