I understand(Article) that invoking Azure functions through service bus triggers can be tested locally through POST method to admin endpoint of Azure function. If this is the case, when someone knows my service bus triggered Azure function endpoint, can't they flood with requests to my Azure function since there is no security. Please let me know is there any way to configure so that Azure Function will get invoked only when messages are received on the configured queue/topic.
1 Answers
3
votes
The admin endpoints are secured when running in Azure and you need to authenticate (by a master key) to call these endpoints. There is no anonymous access.
To call a protected function you either provide the master key as a query string parameter (in the form code=<API_KEY>) or you can provide it as a HTTP x-functions-key header.
