0
votes

I have an Azure WebAPI and I have added it to Azure API Management.

As well as accessing the API through an API Management URI, I note that I can still directly access the Azure API using the URI to the API.

In order to secure the raw API should I:

  • add code to the API in order to secure it (by treating the API as the ASP.NET application it is and using a certificate)

or

  • Use some facility of Azure to secure the API

1 Answer

2
votes

Your choice.

  • Upload a certificate to API Management, and verify it in your API
  • Enable basic auth security in API Management and in your backend API
  • Add a secret to a custom header in API Management and check it in your API.
  • Check the inbound IP address in your API, as an API Management instance will keep the same IP for as long as it is provisioned
  • Add your API to an Azure VNet and use a network security group to only allow the API Management IP address access to the VNet
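
The custom-header option from the list above, as an added example that is not part of the original answer: an ASP.NET Web API message handler that rejects any request not carrying the shared secret, so calls that bypass API Management fail before reaching a controller. The header name `X-Gateway-Secret` and the environment variable `GATEWAY_SECRET` are assumptions; on the API Management side the same value would be attached by a `set-header` policy in the inbound section.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Register in WebApiConfig so it runs before routing, for example:
// config.MessageHandlers.Add(new GatewaySecretHandler(
//     Environment.GetEnvironmentVariable("GATEWAY_SECRET"))); // assumed variable name
public sealed class GatewaySecretHandler : DelegatingHandler
{
    private const string HeaderName = "X-Gateway-Secret"; // hypothetical header name
    private readonly byte[] _expectedHash;

    public GatewaySecretHandler(string expectedSecret)
    {
        // Fail closed: an unset secret must never turn into "accept everything".
        if (string.IsNullOrEmpty(expectedSecret))
            throw new ArgumentException("Gateway secret is not configured.", nameof(expectedSecret));
        _expectedHash = Hash(expectedSecret);
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        IEnumerable<string> values;
        var presented = request.Headers.TryGetValues(HeaderName, out values)
            ? values.ToList() : new List<string>();
        // Require exactly one value; a missing or repeated header is rejected.
        if (presented.Count != 1 || !FixedTimeEquals(Hash(presented[0]), _expectedHash))
            return Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request });
        return base.SendAsync(request, cancellationToken);
    }

    // Hashing first gives fixed-length inputs, so the comparison leaks no length information.
    private static byte[] Hash(string s)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(s));
    }

    // Compares every byte regardless of where the first mismatch occurs.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The secret is only as private as the transport, so the backend should accept HTTPS only, and the value should be rotated on both sides together.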