I found a similar question here but without any solution. So here it goes:
I'm trying to set up an API with the following infrastructure:
AGW -> APIM (with custom domain) -> Web App with API (with private endpoint enabled). All these resources are in a separate NSG but in the same VNET.
However I keep getting a 401 unauthorized when trying to call the API (see below). The request reaches APIM, but upon "forward-request" it fails. When removing the private endpoint from the app it does work.
I also tried it with a simple Azure Function, with the same result. When making a request while the private endpoint is enabled I get a 500 timeout, and without it, it works fine.
I have
- removed all possible NSG restrictions
- set up private DNS (resolve to private IP, FQDN A record privatelink.azurewebsites.net -> azurewebsites.net)
- enabled access to all IPs in app services & enabled public access for testing
But still to no avail.
So the question is, am I doing something wrong? Is it even possible to call a webapp with a private endpoint from APIM?
The response:
forward-request (69.473 ms)
{
    "response": {
        "status": {
            "code": 401,
            "reason": "Unauthorized"
        },
        "headers": [
            {
                "name": "Content-Length",
                "value": "0"
            },
            {
                "name": "Date",
                "value": "Fri, 21 Oct 2022 11:33:00 GMT"
            },
            {
                "name": "WWW-Authenticate",
                "value": "Basic realm=\"site\""
            }
        ]
    }
}