I have two products (APIs) within Azure APIM set in 2 different subscriptions (2 different domains). Currently our APIM is on the Premium SKU and can call multiple custom domains. Depending on the environments I am deploying APIM to, I would like to add a policy that will deny the inbound requests from all other domains' APIs and accept only from the one on the second domain. Basically restricting all other API-1 calls on domain2. Is there a way to achieve that by adding conditions?
By placing the policy at API level you can make sure that it is executed for that API alone. The choose policy allows for conditional logic, and policy expressions expose request information, so:
<inbound>
    <base />
    <choose>
        <!-- Reject any request that arrived on this host name -->
        <when condition="@(context.Request.OriginalUrl.Host == "contoso.com")">
            <return-response>
                <set-status code="400" reason="Bad request" />
            </return-response>
        </when>
    </choose>
</inbound>
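
A default-deny variant of the policy above, added here as an illustration and not part of the original answer: instead of naming the host to block, it rejects every request whose original host is not the single allowed one, and compares case-insensitively. The named value `allowed-api-host` is a hypothetical name assumed for this example; defining it separately in each APIM instance lets every environment allow its own domain without changing the policy.

```xml
<inbound>
    <base />
    <choose>
        <!--
            Allow-list check: anything that did not arrive on the allowed
            custom domain is rejected before it reaches the backend.
            {{allowed-api-host}} is a named value (hypothetical name) that
            holds the one host permitted for this API in this environment.
            Host names are case-insensitive, so compare with OrdinalIgnoreCase.
        -->
        <when condition="@(!context.Request.OriginalUrl.Host.Equals("{{allowed-api-host}}", StringComparison.OrdinalIgnoreCase))">
            <return-response>
                <set-status code="403" reason="Forbidden" />
                <set-header name="Content-Type" exists-action="override">
                    <value>text/plain</value>
                </set-header>
                <set-body>This API is not available on the requested host.</set-body>
            </return-response>
        </when>
    </choose>
</inbound>
```

Because the check is scoped at API level, other APIs on the same gateway keep accepting calls on every configured domain.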