Secure Azure Functions Using API Management
  • 03 Apr 2022
  • 1 Minute to read
  • Contributors
  • Comments
  • Dark
    Light
  • PDF

Secure Azure Functions Using API Management

  • Comments
  • Dark
    Light
  • PDF

#ServerlessTips - Azure Functions
Author: Steef-Jan Wiggers Azure MVP

With an HTTP triggered Azure Function it will have an available endpoint that a client application or service can call. This endpoint consists of the name of your function app, the standard DNS azurewebsite.net., api/(name of your function), and an accesskey (code) for your function:

https://<name of your function app>.azurewebsites.net/api/<name of your function>?code=<function key>

You can manage the function and function host keys in the manage tab of your function or the function app settings.

The security for your functions' endpoints can be further enhanced by leveraging API Management service in Azure. With API Management you have an API gateway that can expose your function endpoint more securely by leveraging policies such as enforce authentication with basic authentication, restrict caller IPs, validate JWT tokens and rate limiting.

Azure Functions do offer a proxy capability, which allows you to secure you HTTP triggered functions too. However, this proxy capability has limited features compared to API Management.

With API Management you do add extra costs to your function – yet comes with more security features and other capabilities that can be valuable for exposing your functions to the outside world.

Lastly, you can import your function in API Management easily, refer Import an Azure Function App as an API in Azure API Management on Microsoft docs.

Azure-functions.png


Was this article helpful?