Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

APIM and Private Endpoints

  • May 4, 2023
  • 4 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.

Microsoft released the private endpoint feature, for APIM, for all SKUs. Before, it was only for developers and Premium SKU. In this article, we will see how to make our APIm fully private, to publish APIs internally only. The documentation is available here: https://learn.microsoft.com/en-us/azure/api-management/private-endpoint

To start, deploy a basic APIM for example. If I do a curl on the echo api deployed by default, we can see that it works:

curl -v https://starwind-apim.azure-api.net/echo/resource?param1=sample

Deploy a basic APIM for example

Now, we will add our private endpoint to be able to disable the public access. Go to the network tab of your APIM, Inbound private endpoint connections and create a new private endpoint, and register it in the private DNS zone:

Inbound private endpoint connections

I created a VM, in the same VNet, to test the connectivity to this Private Endpoint:

I created a VM, in the same VNet, to test the connectivity to this Private Endpoint

As you can see, we can access the API through the private endpoint. So next step is to disable the public access, with az rest command (not available in the portal currently):

Disable the public access, with az rest command

After a few minutes, the public access is disabled:

The public access is disabled

As you can see, we can’t access the APIM anymore through the public path, but we can always target it with the private endpoint:

We can’t access the APIM anymore through the public path, but we can always target it with the private endpoint

As you can see, it is very simple to put an APIM private now, and not pay too much 😊

In the next article, we will see how to expose the APIM, through an Azure Application Gateway to have it publicly available and keep the private part too.

 

Hey! Found Florent’s insights useful? Looking for a cost-effective, high-performance, and easy-to-use hyperconverged platform?
Taras Shved
Taras Shved StarWind HCI Appliance Product Manager
Look no further! StarWind HCI Appliance (HCA) is a plug-and-play solution that combines compute, storage, networking, and virtualization software into a single easy-to-use hyperconverged platform. It's designed to significantly trim your IT costs and save valuable time. Interested in learning more? Book your StarWind HCA demo now to see it in action!