Blog Post

Azure Integration Services Blog
2 MIN READ

GA: Inbound private endpoint for Standard v2 tier of Azure API Management

Sreekanth_Thirthala's avatar
May 19, 2025

Today, we are excited to announce the general availability of inbound private endpoint for Azure API management Standard v2 tier.

Standard v2 was announced in general availability on April 1st, 2024.

Customers can now configure an inbound private endpoint for their API Management Standard v2 instance to allow clients in your private network to securely access the API Management gateway over Azure Private Link.

The private endpoint uses an IP address from an Azure virtual network in which it's hosted. Network traffic between a client on your private network and API Management traverses over the virtual network and a Private Link on the Microsoft backbone network, eliminating exposure from the public internet. Further, you can configure custom DNS settings or an Azure DNS private zone to map the API Management hostname to the endpoint's private IP address.

Inbound private endpoint

With a private endpoint and Private Link, you can:

  • Create multiple Private Link connections to an API Management instance.
  • Use the private endpoint to send inbound traffic on a secure connection.
  • Use policy to distinguish traffic that comes from the private endpoint.
  • Limit incoming traffic only to private endpoints, preventing data exfiltration.
  • Combine with outbound virtual network integration to provide end-to-end network isolation of your API Management clients and backend services.

Today, only the API Management instance’s Gateway endpoint supports inbound private link connections. In addition, each API management instance can support at most 100 private link connections.

Typical scenarios

You can use an inbound private endpoint to enable private-only access directly to the API Management gateway to limit exposure of sensitive data or backends.

Some of the common supported scenarios include:

  • Pass client requests through a firewall and configure rules to route requests privately to the API Management gateway.
  • Configure Azure Front Door (or Azure Front Door with Azure Application Gateway) to receive external traffic and then route traffic privately to the API Management gateway. For example, see Connect Azure Front Door Premium to an Azure API Management with Private Link.

Learn more

Published May 19, 2025
Version 1.0
No CommentsBe the first to comment