Can Azure API Management (VNet mode) access Azure Cache for Redis using Managed Identity instead of a connection string?

Juul Hobert 0 Reputation points
2025-08-06T11:11:39.29+00:00

We currently use Azure API Management (APIM) in internal VNet mode and are connecting directly to Azure Cache for Redis using a connection string (hostname + access key). According to Azure documentation, this is not recommended due to security concerns, and we'd like to transition to Managed Identity-based authentication.

Here’s our setup:

  • APIM is VNet-injected (internal mode)
  • Redis tier: Premium
  • Redis is configured as an external cache, directly accessed from APIM policies
  • We do not have an intermediate backend (e.g., Azure Function or App Service). APIM talks to Redis directly
  • Redis Premium is Private Endpoint-enabled, and we're aware of Azure RBAC support and token-based access in this tier

🔍 My question:

Is it possible to have Azure API Management use its Managed Identity to authenticate directly to Azure Cache for Redis Premium, without relying on a connection string?

If yes:

What would the configuration look like in APIM?

Can APIM acquire and forward an Azure AD access token to Redis?

Is there any built-in policy or extension that enables this?

If no:

  • Is the recommended secure architecture to introduce a backend (e.g., Azure Function with MSI) that handles Redis interactions, and let APIM proxy through it?

I’ve reviewed Microsoft Docs for Redis, APIM, and Managed Identity, but couldn’t find a definitive answer specific to APIM → Redis with MSI, without a backend in the middle.

Thanks in advance for any authoritative clarification or workaround.

My question: Is it possible to have Azure API Management use its Managed Identity to authenticate directly to Azure Cache for Redis Premium, without relying on a connection string?

If yes:

What would the configuration look like in APIM?

  • Can APIM acquire and forward an Azure AD access token to Redis?

If no:

  • What is the recommended secure architecture then?

I’ve reviewed Microsoft Docs for Redis, APIM, and Managed Identity, but couldn’t find a definitive answer specific to APIM → Redis with MSI.

Thanks in advance for any authoritative clarification or workaround.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.