I'm trying to mask an async Logic App with API Management with the retry policy mentioned here.

The Logic App has the Access control configuration set to "Specific IP ranges" (the IP address of the APIM).

The first call to execute the Logic App trigger works well. However, the call to get the run status (URL from the header location) produces the following error:

{
    "error": {
        "code": "AuthorizationFailed",
        "message": "The access to this api is not allowed with a shared access key when the workflow access control configuration has a list of allowed caller IP addresses. Please use the resource management endpoint using an Active Directory access token to access this api."
    }
}

When I remove the IP restrictions from the Logic App (by setting Any IP) everything works well. Is there any way to rewrite the call to get run status so it works with IP restrictions on the Logic App?

1 Answer

This is a current limitation of the API when Access Control via IP Addresses is set up. As the error message mentions, you will have to use the Workflow Runs - Get API instead.

An alternative would be to route all requests to your Logic App via APIM and leverage policies to rewrite the URLs in the response with APIM URLs pointing to a custom endpoint that can fetch the response using the ARM REST API, providing a seamless experience to any client calling the Logic App.
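
A sketch of the URL mapping behind the approach in the answer above, added here as an example and not code from the original post or from Microsoft: it takes the Location header the trigger call returns, drops the shared access signature, and produces both the APIM-facing status URL and the ARM Workflow Runs - Get URL that the custom endpoint would call with an Azure AD token. The APIM base URL, subscription, resource group, workflow name, the `/runs/{id}` route, the run ID pattern and the sample header are all assumptions or constructed values.

```python
import re
from urllib.parse import quote, urlsplit

ARM_HOST = "https://management.azure.com"
API_VERSION = "2016-06-01"  # api-version of the Workflow Runs - Get operation
# Assumption: run IDs are plain tokens; anything else is rejected so a crafted
# header cannot inject extra path segments into the ARM request.
RUN_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,128}$")
RUN_PATH_RE = re.compile(r"^/workflows/[^/]+/runs/([^/]+)$")

# Constructed sample of a Location header returned by the trigger call.
SAMPLE_LOCATION = (
    "https://prod-00.westeurope.logic.azure.com/workflows/"
    "0123456789abcdef0123456789abcdef/runs/08585000000000000000000000000CU00"
    "?api-version=2016-06-01&sp=%2Fruns%2F08585000000000000000000000000CU00%2Fread"
    "&sv=1.0&sig=CONSTRUCTED_SIGNATURE"
)


def run_id_from_location(location: str) -> str:
    """Extract the run ID from the runtime status URL; the query (SAS) is discarded."""
    parts = urlsplit(location)
    host = parts.hostname or ""
    # Assumption: public-cloud Logic Apps runtime host suffix.
    if parts.scheme != "https" or not host.endswith(".logic.azure.com"):
        raise ValueError("unexpected Location host")
    match = RUN_PATH_RE.match(parts.path)
    if not match or not RUN_ID_RE.match(match.group(1)):
        raise ValueError("unexpected Location path")
    return match.group(1)


def apim_status_url(location: str, apim_base: str) -> str:
    """URL handed back to the client instead of the SAS-signed Logic App URL."""
    return f"{apim_base.rstrip('/')}/runs/{run_id_from_location(location)}"


def arm_run_url(run_id: str, subscription_id: str, resource_group: str,
                workflow_name: str) -> str:
    """ARM URL the custom endpoint requests with an Azure AD bearer token."""
    if not RUN_ID_RE.match(run_id):
        raise ValueError("invalid run id")
    return (f"{ARM_HOST}/subscriptions/{quote(subscription_id, safe='')}"
            f"/resourceGroups/{quote(resource_group, safe='')}"
            f"/providers/Microsoft.Logic/workflows/{quote(workflow_name, safe='')}"
            f"/runs/{run_id}?api-version={API_VERSION}")
```

Because the rewritten URL carries no `sig` parameter, the client never holds a credential for the Logic App itself; access to run status is then governed by whatever authentication APIM enforces on the custom endpoint.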