Azure function returns 403 when triggered by Azure DataFactory

Question

I have problem with triggering Azure function which returns 403 (HTTP trigger).

Trigger is initiated using Azure Data Factory.

It is important to mention that function is exposed through Azure APIM (API management) - function internally has restriction set in a way that only APIM IP is allowed to trigger the function.

Funny thing is that if I send ‘manual’ trigger (postman, HTTP call through APIM from my local machine) everything works as expected - I’m able to trigger the function.

If the same request is sent via Azure DataFactory 403 is returned. Like the request never leaves Azure and IP that hits the function is not the APIM IP. Is this possible and if yes, how to solve this?

Function, APIM and DataFactory are in the same Azure subscription.

FYI - 403 is coming from the function itself, not the APIM. If I remove access restriction from the function, everything works as expected.

Also, to make sure that the request goes through APIM, for one of the tests I put wrong APIM subscription key and this time when ADF triggered the function I got 403, but from APIM which means that requests goes for sure through gateway.

Answer 1

Is this possible and if yes, how to solve this?

I don't think it's possible, I test it in my side and it works fine(both in postman and in Data Factory). I provide my configuration for your reference.

1. I create a APIM and we can see its IP address. Then add my function into APIM.

2. In my function, I configure "Access Restrictions" as below:

3. Then request the url through APIM in postman, success.

Request the url through APIM in Data Factory, also success.

4. So please check if there is anything different with my configuration(For example, use the function url like https://funappname.azurewebsites.net/api/HttpTrigger1?clientId=apim-huryAPIM but not url from APIM in your Data Factory request). And my function, APIM, Data Factory are in same region(East Asia).