Protecting Azure Functions with API Management
In some ways, protecting functions that need to be effectively public is the trickiest thing to do. Let's say you need to show your product list on your website to non-registered users (for why would anyone sign up to a store without being tempted by the products that are available?). You could have a key on the API, but this would need to be copied over to the end user's browser, rendering it public. To choose the right course of action to protect your functions, you need to know what you are protecting them from.
Usually, there are two types of attacks: DoS attacks and the cleverer attacks, such as SQL injection. The following points describe the course of action for tackling these kinds of attacks:
DoS attacks are the most common form of attack. One way to prevent them is to slide an API gateway in front of the function with a rate limiter. This works well, but you have to be careful how you configure the rate limit. If the rate limit...
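
The gateway arrangement described above, as an added example that is not part of the original text: an API Management policy that throttles each client IP address and attaches the function key at the gateway, so the key is never sent to the browser. The limit values, the backend URL and the named value `products-function-key` are assumptions chosen for illustration.

```xml
<policies>
    <inbound>
        <base />
        <!-- Throttle per caller: at most 20 calls in any 60-second window
             for each client IP address (constructed values; tune to real traffic). -->
        <rate-limit-by-key calls="20"
                           renewal-period="60"
                           counter-key="@(context.Request.IpAddress)" />
        <!-- Forward to the function app (placeholder host name). -->
        <set-backend-service base-url="https://example-func.azurewebsites.net/api" />
        <!-- The function key is stored as an API Management named value and
             added here, so the public client never holds it. -->
        <set-header name="x-functions-key" exists-action="override">
            <value>{{products-function-key}}</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Callers that exceed the limit receive HTTP 429 from the gateway and the request never reaches the function.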