Azure APIM Internal Mode - Application Gateway health probe

Question

Hi,
I have deployed Azure APIM in internal mode and able to access it via Application Gateway as explained in https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway.

I can access the APIs OK as well as the new portal. However the portal sign-in doesn't work because it seems like it is trying to access the Management endpoint.

https://management.zohaib-gateway-testing.co.uk/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.ApiManagement/service/zn-apim-prod/identity?api-version=2019-12-01

I have created custom domains and created CNAME records in public DNS to point to the application gateway, portal and management endpoints. My question is what is the custom health probe that I need to create so that the portal can access the management endpoint. The documentation in link above mentioned that :

Important

The new developer portal also requires enabling connectivity to the API Management's management endpoint in addition to the steps below.

But there are no details anywhere on what custom health probe I can create in Application Gateway so that portal can talk to the APIM Mangaement endpoint that it needs. E.g. the health probe path for gateway should be "/status-0123456789abcdef" but there is no mention of what the health probe path should be for the management endpoint.

Please help.

Answer 1

Hi @Zohaib Najeeb - Welcome to MS QnA, and thank you for posting here!

I believe the Note section refers to how you have to manually enable access to the Management Endpoint in the Azure Portal, as shown here: https://learn.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/api-management-rest#EnableRESTAPI

If you've already enabled it so in the Azure Portal, and your Dev Portal is still making a request (to the Management endpoint) that's failing, let me know the URL that's failing and we'll dig deeper to clarify the root cause for you.