Azure Function Proxies – Part 3: Secure your API!

This post is part of an Azure Function Proxies blog series:

  • Part 1: Represent heterogeneous service operations into a single API
  • Part 2: Easily enable hybrid integration
  • Part 3: Secure your API
  • Part 4: A very light-weight API management

By creating a uniform API on top of several heterogeneous service operations, we also simplify the security model for the API consumer.

After the configuration we’ve done in part 1, we’ve hidden the complexity of maintaining 4 SAS tokens and 1 function code client-side. Be aware that, at the moment, the Azure Function Proxy is not secured by default. In some cases this might be the desired behaviour; in other scenarios we would like to restrict access to the API. Let’s have a look at how we can achieve the latter!

Enforce Authentication

You can leverage the default App Service authentication feature, which forces clients to authenticate against one of these providers: Azure Active Directory, Facebook, Google, Twitter or Microsoft. This works without any code changes, but it only covers authentication. When authorization is required, some minimal code changes are needed.

Suggestions for product team

  • Common security measures like IP restrictions and configurable rate limits to protect against DoS attacks would be great. There is already a feature request on UserVoice.
  • Leveraging the standard Azure Function keys or host keys would also be a simple way to authorize the API endpoint. You can easily set up rotating keys to improve security. Apparently this is on the radar, but no ETA has been defined yet!

Cheers,
Toon
