Restrict Access to API in Azure App Service

Aqila Dissanayake 1 Reputation point Microsoft Employee
2022-03-26T06:50:15.617+00:00

One Azure App service hosts a asp.net core API, another different Azure app service hosts a Web app. The web app can be accessed by end users that don't need to sign in (public). The web app calls the API. How can the API access can be restricted so that only the web app hosted in Azure can make calls, but end users cannot directly call the API end points, but the end users can still access the website (webapp)?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,135 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Diwakar Nath Pandey 1 Reputation point
    2022-11-15T15:12:44.477+00:00

    On the Web Api, enable the Private Endpoints feature. This will disable all public access and restrict access from within the VNET. This feature will require an unused subnet, which will then be used to allocate an inbound private IP Address

    0 comments No comments

  2. Ali Sufyan Butt 86 Reputation points MVP
    2022-11-24T12:39:07.28+00:00

    Hi Aqilancd,

    A bit late but, see this, might help

    https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies

    Use Azure Api management

    0 comments No comments