I’m trying to access an Azure API Management instance from Microsoft Fabric (Dataflow). The API has IP restrictions configured that block incoming requests.
Current setup:
- I have an Azure API Management instance with IP restrictions enabled
- I need to consume this API from Microsoft Fabric dataflows
- Direct access is blocked due to the IP restrictions
What I’ve considered:
- IP whitelisting (Not sure what IPs to whitelist? Do not want to whitelist a whole region's range)
- Private Link/Private Endpoints (Not sure if this is the right path for this type of communication?)
Question:
What is the recommended approach to securely connect Microsoft Fabric to an IP-restricted Azure API Management instance?
2 Answers
After investigating several approaches, I found a robust solution that maintains security principles while staying aligned with Microsoft's architecture patterns.
Solution: I implemented an Azure Function that acts as a middleware/proxy between Microsoft Fabric and the API Management instance. Here's how it works:
Architecture:
Hope this helps others facing similar challenges!
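A sketch of the forwarding step such a proxy needs, as an added example that is not the answerer's code: it pins the upstream host, restricts methods and paths, and replaces caller-supplied credentials so the Function cannot be used as an open relay into the API. The host name, the `/orders/` prefix, the environment variable names and the use of an APIM subscription key are assumptions for illustration.

```python
import os
import posixpath
import urllib.parse
import urllib.request

# Assumed values for illustration; none of these come from the original post.
APIM_BASE = os.environ.get("APIM_BASE_URL", "https://example-apim.azure-api.net")
ALLOWED_PREFIX = "/orders/"        # hypothetical API path exposed via the proxy
ALLOWED_METHODS = {"GET", "POST"}
# Caller-supplied headers that are never copied to the upstream request.
DROP_HEADERS = {"host", "connection", "content-length", "transfer-encoding",
                "x-forwarded-for", "ocp-apim-subscription-key"}


def build_upstream_request(method, path, query=None, headers=None, body=None):
    """Translate one incoming proxy call into a request to the pinned APIM host."""
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError("method not allowed")

    # Decode once and normalise so encoded "../" cannot escape the prefix.
    decoded = urllib.parse.unquote(path)
    if not decoded.startswith("/") or "//" in decoded or "\\" in decoded:
        raise ValueError("malformed path")
    normalised = posixpath.normpath(decoded)
    if not (normalised + "/").startswith(ALLOWED_PREFIX):
        raise ValueError("path outside the proxied API")

    # The host always comes from configuration, never from the caller.
    url = APIM_BASE.rstrip("/") + urllib.parse.quote(normalised)
    if query:
        url += "?" + urllib.parse.urlencode(query)

    forwarded = {k: v for k, v in (headers or {}).items()
                 if k.lower() not in DROP_HEADERS}
    # Assumption: the API expects an APIM subscription key, kept in app settings.
    key = os.environ.get("APIM_SUBSCRIPTION_KEY")
    if not key:
        raise RuntimeError("APIM_SUBSCRIPTION_KEY is not configured")
    forwarded["Ocp-Apim-Subscription-Key"] = key

    return urllib.request.Request(url, data=body, headers=forwarded, method=method)
```

The function only builds the request and performs no network I/O; the Function's HTTP trigger would call it and send the result.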
You’ll need to use an On Prem Data Gateway or a VNet Data gateway to access IP-restricted endpoints. In Fabric, outbound Private Endpoints only work with Spark.