0
votes

We have a few functions hosted in the Premium plan in a VNet. The idea is to secure them with Application Gateway and API Management. However, we can't afford the Premium tier for the VNet integration, so what's our best bet to secure between APIM and the functions?

  • option #1: have the function whitelist the API Management public outbound IP
  • option #2: use client certificate auth
  • anything else?

Thanks

1 Answers

0
votes

Since APIM instances have a static IP, setting up IP restrictions on the Function App would be the simplest way to ensure all requests come through APIM.

In addition, you could also leverage the validate-jwt policy to pre-validate tokens before forwarding requests to the functions.
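
An APIM policy using validate-jwt as the answer above suggests, added here as an illustration and not part of the original answer. It assumes Microsoft Entra ID as the token issuer; `TENANT_ID_PLACEHOLDER` and `API_AUDIENCE_PLACEHOLDER` are placeholders to replace with your own values.

```xml
<policies>
  <inbound>
    <base />
    <!-- Reject the request at the gateway unless it carries a valid
         bearer token; nothing is forwarded to the function on failure. -->
    <validate-jwt header-name="Authorization"
                  require-scheme="Bearer"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized">
      <!-- Signing keys are fetched from the issuer's OpenID metadata
           (assumed issuer: Microsoft Entra ID, placeholder tenant). -->
      <openid-config url="https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0/.well-known/openid-configuration" />
      <!-- Accept only tokens minted for this API (placeholder audience). -->
      <audiences>
        <audience>API_AUDIENCE_PLACEHOLDER</audience>
      </audiences>
      <!-- Accept only tokens issued by the expected tenant. -->
      <issuers>
        <issuer>https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0</issuer>
      </issuers>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

This check runs in APIM only, so it is the IP restriction on the Function App that keeps callers from reaching the functions without passing through it.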