403 Forbidden when hitting Azure API Management with Azure Function Backend

1
votes

I'm getting 403 Forbidden error when hitting Azure Functions via API Management. Just to be clear, I don't have any Authentication/Authorization in the function but Authorization Level is set to Function Level.

I can hit the function directly using the Function key. I can also hit the API Management and getting response when mocking was enabled so the error is coming out of the function. I can verify that the function key is being passed by API management to the backend function.

Noticed that this only happens when the function was deployed using ARM.

1
azureazure-functionsazure-api-management
what do you mean using ARM? there is no other way to deploy it - 4c74356b41
If I understand correctly, this doesn't seem to be an issue with APIM, but rather with your Azure function. In that case, you might need to remove the APIM tag. - Pieter Vandenheede
@4c74356b41 I mean Azure Resource Manager - Mark Trinidad
@PieterVandenheede Yes you are right. I just found out that our ARM template added some IP whitelist that is why I was able to hit the functions directly. I just added the IP address of APIM and it worked. Thanks all for your time! - Mark Trinidad
If it is resolved, please add an answer here that will help more communities who have that same issue easily to search. - Tom Sun - MSFT

1 Answers

1
votes

Our Azure Function was deployed with IP restrictions and APIM IP was not present there. After adding APIM IP address thru Function's Platform Features > Networking Group > Networking > Configure IP Restriction, 403 errors were gone.