Secure Azure Functions Using API Management

With an HTTP triggered Azure Function it will have an available endpoint that a client application or service can call. This endpoint consists of the name of your function app, the standard DNS azurewebsite.net., api/(name of your function), and an accesskey (code) for your function:

https://<name of your function app>.azurewebsites.net/api/<name of your function>?code=<function key>

You can manage the function and function host keys in the manage tab of your function or the function app settings.

The security for your functions' endpoints can be further enhanced by leveraging API Management service in Azure. With API Management you have an API gateway that can expose your function endpoint more securely by leveraging policies such as enforce authentication with basic authentication, restrict caller IPs, validate JWT tokens and rate limiting.

Azure Functions do offer a proxy capability, which allows you to secure you HTTP triggered functions too. However, this proxy capability has limited features compared to API Management.

Lastly, you can import your function in API Management easily, refer Import an Azure Function App as an API in Azure API Management on Microsoft docs.