statusQueryGetUri and API Management

Question

The setup:
Azure Function with API Management.

Managed Identity is set (https://www.svenmalvik.com/azure-apim-function-msi/). Authentication happens through policy authentication-managed-identity.
All seems to function correctly.
When called Azure Function returns 5 URIs, among them "statusQueryGetUri".

Question:
Before API Management and managed identity, I was able to call statusQueryGetUri using GET method and no credentials (as expected):

GET <rootUrl>/runtime/webhooks/durabletask/instances/<GUID>
?taskHub={taskHub}
&connection={connection}
&code={systemKey}

Now I receive 401 (kind of expected).

What authentication or endpoint am I missing?
Would my <rootUrl> change? Should I add the statusQueryGetUri to APIs managed by the API Management?
How should I authorize myself? Client ID and secret?

All pointers welcome!

Answer 1

@Ana You could proxy requests for these endpoints via APIM as well. The redirect-content-urls does this for you out-of-the-box.

For the proxied URLs to work, you will have to define APIs on APIM that forward the requests to your function app using the same managed identity.

If you require, you could completely rewrite the URLs in the body using the set-body policy and define endpoints on APIM that a more REST-like

For example, the endpoints could be /track/{taskHub}/{connection}/{GUID} and you can use the rewrite-uri policy to change it to the one required by functions. The system key could just be a named value since it doesn't really change.