Securing backend API in APIM (Azure API Management ) in Consumption Plan

0
votes

I am working on Azure in which I had to setup an API Management service in consumption tier. I need to secure the backend API's (App service) so that it can only be accessed via API Management service.

In APIM developer plan I used, I configured securing backend API by whitelisting IP of APIM in app service, but in consumption plan, this will not work as APIM in consumption plan will not have public IP.

I want to secure backend API's (App service) behind API Management service (consumption plan).

I tried:

  1. IP whitelisting but it worked in developer plan in APIM and not in consumption plan.
  2. Azure active directory and VNet is not supported in consumption plan.

I visited this link and then How-to-guides->Secure your back-end link.

One of the options in the above link is to secure backend API's through Azure Active Directory and also through connecting to an internal virtual network. Unfortunately, these two features are also not supported in consumption tier.

1
azurebackendazure-api-management

1 Answers

3
votes

You can use client certificate authentication to secure you backend service. Besides, please note that to receive and verify client certificates in the Consumption tier you must first turn on "Request client certificate" setting on the "Custom domains" blade as shown below.

For more details, please refer to How to secure back-end services using client certificate authentication in Azure API Management and How to secure APIs using client certificate authentication in API Management.