Reputation: 63
Securing Azure Function Endpoints used by Public Web App
I have an Azure Static Web App developed using Angular (let's say my company homepage) which needs to be publicly accessible w/o authentication. If I wanted some dynamic content on the home page which comes from a database (i.e. news items or a product list), are there any ways to "secure" an Azure Function endpoint that supplies this data to the front end.
"secure" == I'd like to limit access of the endpoint to just my Azure Static Web App.
I'd also like to set up a function that listens for IPN requests from PayPal and so I'd like to configure that function to only be accessible from PayPal.
I see that I can configure CORS to only allow specific domains access to a function -- is this my best option?
Upvotes: 0
Views: 799
Answers (1)
Reputation: 222522
There are two ways to look at it,
(i) Azure has APIM Service which allows to secure certain endpoints and is probably the best way how to handle Azure Functions endpoints for public.
(ii) You can also secure the functions by adding application gateway and whitelist the IP address of the Application gateway in the function or you can build functions inside a vnet using the azure environment service.
You can read more about Securing Azure Functions here
Upvotes: 0
Related Questions
- How to limit access to Azure Function App to a website and clients only
- How to connect public-facing Azure Static Web App to a Function app that is secured with a private endpoint
- Secure Azure Function API with MSAL
- How to restrict/stop public (internet) access to Azure function?
- Make back end APIs only accessible via Azure API management
- Http Trigger Azure function should not accessible outside from App Service
- Make Azure Functions not publicly accessible?
- Azure Functions without public endpoint
- Securing Azure function executions origin when hosted on a Consumption Plan
- Allowing public access to only 1 endpoint of Azure Application