Host Azure API Management in Secured Infrastructure

Host Azure API Management in a secured infrastructure protected from public access. The default setup for API Management assigns no Virtual Network to the API Management Instance, which would make your API Management instance accessible over the public internet.

If you want to put your API Management in a Virtual Network, you should do this yourself. The first step is to decide what kind of Virtual Network you want to use (whether Internal/External). It would be best if you went for the Internal VNET to make your API Management only accessible within the internal VNET.

There are some scenarios when you want to host your API Management in an internal VNET; one of them is trying to host internal APIs for consumption within your organization. In this case, there is no reason to go ahead and make your API Management accessible over the public internet, despite all security controls that might be already in place for API Management.

You can always go ahead and build VNET peering to provide secure connectivity between the internal VNET (where the API Management is hosted) and other VNETs in your organization. And, you could build VPN to provide private connectivity between your API Management and any other Could provider, or even on-prem.

The bottom line is, you should never leave your API Management accessible over the public internet unless you planned to do so.