Secure a Deployed Spring Boot + Azure App Service Using Azure API Management Service | JavaInUse

In the previous tutorial we deployed a Spring Boot application as an Azure App Service. However, this deployed app service was not secure: it has public access, so anybody can reach it. In this tutorial we will secure the deployed Azure App Service using Azure API Management, so that only callers who have a valid subscription key can access the exposed app service.
For this we will be using the following workflow.

Implementation

Our previously deployed service is exposed publicly and can be accessed at javainuseapp.azurewebsites.net/test.
Next, in the Azure portal, we will create an Azure API Management service. Instances in the following service tiers run on a shared infrastructure and without a deterministic IP address: Consumption, Basic v2, Standard v2. The access restriction we configure below is based on the API service's IP address, so we will make use of the Developer plan.
The API service named javainuse-api gets created. It can be accessed using the URL https://javainuseapp.azurewebsites.net. The IP address of the created API service is 48.217.201.35.
Copy this IP address.
Go to the app service named javainuseapp that we created before and open the Networking section. Public network access is shown as Enabled with no access restriction. Click on it.
On the Access Restrictions screen, select Enabled from select virtual networks and IP addresses. Next, add a new rule and enter the IP address of the javainuse-api that we created. Click on Save.
Access to the app service named javainuseapp is now restricted to the javainuse-api only. If we try to access javainuseapp directly like before, using the URL javainuseapp.azurewebsites.net/test, we get a 403 error.
Next, go to the javainuse-api that we created. Here click on APIs and select App Service.
Select the app service that we want this API to connect to. In our case this is javainuseapp.
Once the API is created, its settings show that by default a subscription key is required to access it.
If we now try to access the API using its URL, https://javainuse-api.azure-api.net/test, we get a 403 error.
This is because we need a subscription key: only a user with a valid subscription key can access this API. So on the javainuse-api screen, go to the Subscriptions section and copy a subscription key.
Next, when accessing the API at https://javainuse-api.azure-api.net/test, also pass the subscription key in the Ocp-Apim-Subscription-Key header.
We are now able to access the javainuseapp URL securely using the javainuse-api URL and the subscription key.
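A repeatable check of the end state reached above, as an added example that is not part of the original tutorial: it confirms that the app service refuses direct requests, that the API URL refuses requests without a valid key, and that a valid key gets through. The function names and the APIM_KEY environment variable are assumptions made for this example, and either 401 or 403 is treated as a refusal.

```python
import os
import sys
import urllib.error
import urllib.request

KEY_HEADER = "Ocp-Apim-Subscription-Key"  # header name used in the tutorial
DENIED = {401, 403}  # either status counts as "access refused"


def probe(url, key=None, timeout=10):
    """Return the HTTP status code for a GET, optionally sending the key."""
    headers = {KEY_HEADER: key} if key else {}
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx are results here, not failures


def check_lockdown(origin_url, gateway_url, key, probe=probe):
    """Return a list of findings; an empty list means the setup holds."""
    findings = []
    status = probe(origin_url)
    if status not in DENIED:
        findings.append(f"origin reachable directly (HTTP {status})")
    status = probe(gateway_url)
    if status not in DENIED:
        findings.append(f"gateway answered without a key (HTTP {status})")
    status = probe(gateway_url, "not-a-real-key")
    if status not in DENIED:
        findings.append(f"gateway accepted a bogus key (HTTP {status})")
    status = probe(gateway_url, key)
    if status != 200:
        findings.append(f"valid key rejected (HTTP {status})")
    return findings


if __name__ == "__main__":
    # URLs are the ones from the tutorial; the key comes from the environment
    # (APIM_KEY is a name chosen for this example) so it is never hard-coded.
    problems = check_lockdown(
        "https://javainuseapp.azurewebsites.net/test",
        "https://javainuse-api.azure-api.net/test",
        os.environ["APIM_KEY"],
    )
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

Run it from a host whose address is not on the app service's allow list; from an allowed address the direct request is expected to succeed.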