Azure Question posted in
The official documentation to get you started can be found here.

Azure API Management access from Microsoft Fabric – handling IP restrictions

I’m trying to access an Azure API Management instance from Microsoft Fabric (Dataflow). The API has IP restrictions configured that block incoming requests.

Current setup:

  • I have an Azure API Management instance with IP restrictions enabled
  • I need to consume this API from Microsoft Fabric dataflows
  • Direct access is blocked due to the IP restrictions

What I’ve considered

  • IP whitelisting(Not sure what IPs to whitelist? Do not want to whitelist a whole regions range)
  • Private Link/Private Endpoints(Not sure if this is the right path for this type of communication?)

Question:
What is the recommended approach to securely connect Microsoft Fabric to an IP-restricted Azure API Management instance?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    After investigating several approaches, I found a robust solution that maintains security principles while staying aligned with Microsoft's architecture patterns.

    Solution: I implemented an Azure Function that acts as a middleware/proxy between Microsoft Fabric and the API Management instance. Here's how it works:

    Architecture:

    • Azure Function acts as an intermediary service
    • Microsoft Fabric connects to the Azure Function through managed endpoints
    • Azure Function forwards requests to APIM
    • Only the Azure Function's static IP needs to be whitelisted in APIM
    • The solution is future-proof, and the function can probably be moved to fabric in the future, sine AF is in preview for fabric.

    Hope this helps others facing similar challenges!


  2. 0

    You’ll need to use an On Prem Data Gateway or a VNet Data gateway to access IP-restricted endpoints. In Fabric outbound Private Endpoints only work with Spark.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search