
Azure api management access virtual network

I have a virtual network (vnet) configured, it has subnets defined for private endpoints, web apps, databases and vpn point to site etc...

The point is simple, I dont want any of my services accessible via the internet.

I am trying to configure an azure api management service (APIM) in order to be the gateway to access all my api's in the vnet.

Is there a method of setting this up? as it would seem the only way to do this is via adding the APIM to the VNET which only works with with a premium AMS service and that's way out of my price range?

I dont think the APIM private inbound endpoint works the way I want them to



  • Yes, you can integrate APIM into a VNet to connect to private backends. But yes, that requires Premium tier.

    See here

    The alternative would be to lock down all your backend services using network filtering to only allow traffic originating from your APIM, even if they still have public endpoints.