Azure API Management access from Microsoft Fabric - handling IP restrictions

I'm trying to access an Azure API Management instance from Microsoft Fabric (Dataflow). The API has IP restrictions configured that block incoming requests.

Current setup:

• I have an Azure API Management instance with IP restrictions enabled
• I need to consume this API from Microsoft Fabric dataflows
• Direct access is blocked due to the IP restrictions

What I've considered

• IP whitelisting(Not sure what IPs to whitelist? Do not want to whitelist a whole regions range)
• Private Link/Private Endpoints(Not sure if this is the right path for this type of communication?)

Question: What is the recommended approach to securely connect Microsoft Fabric to an IP-restricted Azure API Management instance?

After investigating several approaches, I found a robust solution that maintains security principles while staying aligned with Microsoft's architecture patterns.

Solution: I implemented an Azure Function that acts as a middleware/proxy between Microsoft Fabric and the API Management instance. Here's how it works:

Architecture:

• Azure Function acts as an intermediary service
• Microsoft Fabric connects to the Azure Function through managed endpoints
• Azure Function forwards requests to APIM
• Only the Azure Function's static IP needs to be whitelisted in APIM
• The solution is future-proof, and the function can probably be moved to fabric in the future, sine AF is in preview for fabric.

Hope this helps others facing similar challenges!