all Technical posts

Control Your Azure Functions Securely Through Azure API Management

In some scenarios, you need to start/stop your Azure resources based on external events. APIs are a good way to expose this "control plane" functionality, as it allows seamless integration within your enterprise. This blog showcases this by creating an API that allows to start/stop Azure Functions on demand. It's a good practice to expose your APIs through an API Gateway, that's why I let Azure API Management handle the job in an easy and secure manner.

  • In Azure API Management, you first have to create a new API.

  • Create a new operation, which I called in my example “Start Invoicing”

<base />
<set-backend-service base-url=”{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{functionAppName}” />
<rewrite-uri template=”/start?api-version=2016-08-01″ copy-unmatched-params=”false” />
<authentication-managed-identity resource=”” ignore-error=”false” />

  • The authentication will only work if you enable Managed Service Identity on your API Management instance.

  • To ensure that your API Management instance has the rights to start/stop the Azure Function, you have to navigate to the Access control tab of the Function App.

  • Over here, you can give the Managed Service Identity of your API Management instance the required access rights to start/stop your Azure Function.

  • Try out the API operation…

  • …and see that your Azure Function started successfully!

This is just a simple example of how you can use Azure API Management’s Managed Service Identity to authenticate against the Azure Management API. This approach allows really nice scenarios. All of this is done in a secure manner, if you don’t forget to secure your API Management frontend.



Subscribe to our RSS feed

Hi there,
how can we help?

Got a project in mind?

Connect with us

Let's talk

Let's talk

Thanks, we'll be in touch soon!

Call us

Thanks, we've sent the link to your inbox

Invalid email address


Your download should start shortly!

Stay in Touch - Subscribe to Our Newsletter

Keep up to date with industry trends, events and the latest customer stories

Invalid email address


Great you’re on the list!