I am setting up API Apps within ASE, and I was having some difficulties understanding the usage of access levels.
I noticed that if the API App access level is set to “Internal” it’s not accessible publicly, however, I do not get an internal endpoint, just a public one – so I am unable to access this application internally (for example – browsing to it from a VM in the same network). How can I access the API App from say a virtual machine hosted on Azure? How can I get an internal endpoint for an API App?
My goal is to be able to access the API App from my VNet, and to have public access blocked.
How can I accomplish this?
Thanks,
Turns out API Apps only have a single end-point which is a public VIP. Need to create a network security group on the subnet and add explicit rules for public VIP's of back-end machines that require access to the API. This will block internet traffic to the app when it is on public anonymous.