![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 72%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,909 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 28.000000000000004%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
@Sarah ,
Yes, you can certainly use Hybrid Connection to connect from the Azure Web App to the on-prem Web API privately. Typically, it should be able to handle that amount of load (see Hybrid connection usable in plan). One thing to note is that if you can reach that on-prem Web API on HTTPS, then you need ensure that the Azure Web App can trust the certificate, which it would not if the on-prem cert is self-signed or internally issued.
The only ways to connect privately to the on-prem API would be hybrid connection, or by bridging the on-prem network and an Azure VNET using VPN or Express Route. If you do not already have a VPN between on-prem and Azure, that's probably not a fine option for just a 1 single app. In this case, Hybrid Connection would be better [based on your requirement].
Yes, Web App can make default outbound connections against any public endpoint without any extra networking configurations. You would only need to whitelist the outbound IPs of the Web App on the target service's firewall, in case you’re using firewall.
Additionally, Within App Service, Hybrid Connections can be used to access application resources in any network that can make outbound calls to Azure over port 443.
Hybrid Connections provides access from your app to a TCP endpoint and does not enable a new way to access your app.
Please see this doc Azure App Service Hybrid Connections and blog for more details.