OTP Service on Azure Functions

New Contributor

Hi all,

 

I am building an OTP Service using an Azure Functions backend. 

 

It'll be 2 APIs, one to create an OTP and store it in an azure storage / cosmos DB, which will call an outside API to send the OTP via SMS/Email. Once the user enters the received code, it'll call the 2nd API which will verify it against the DB/Storage.

 

My question is, this will serve a public facing website which will provide sensitive data to users that are not authenticated otherwise. Is it a safe / secure way to provide user data?

 

Thank you in advance! 

1 Reply
Hi,
you can use "access restriction" in the Function App. Access restriction is a network feature of the function app that allow you to create rule to control who can access to the endpoint of the functions inside the function app.
You can find more info on these links:
https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions

You can also find an architecture on how you can create a multitier application with app services (and similarly with function app) on this link:
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/web/multi-tier-app-service-pri...