I have an Azure Static Web App developed using Angular (let's say my company homepage) which needs to be publicly accessible w/o authentication. If I wanted some dynamic content on the home page which comes from a database (i.e. news items or a product list), are there any ways to "secure" an Azure Function endpoint that supplies this data to the front end.
"secure" == I'd like to limit access of the endpoint to just my Azure Static Web App.
I'd also like to set up a function that listens for IPN requests from PayPal and so I'd like to configure that function to only be accessible from PayPal.
I see that I can configure CORS to only allow specific domains access to a function -- is this my best option?