Recently I was implementing an API and using an IP Filter to restrict incoming requests but one of the challenges is how to allow the support team or developers test the API from the Azure Portal. I had a look around and couldnt workout a way to do this. I could see that all of the calls from the portal to test it seemed to come from a similar IP address so I thought there may be some proxy involved which might help.
Vlad from the product team advised me that we can allow 18.104.22.168 which is a static ip for the CORS proxy which the portal uses when testing your API from the Azure Portal.
For anyone not so familiar with ip filter in APIM this policy below would allow the portal to be used to test the API and then you can add other addresses to the approved list as you allow clients to access.
<policies> <inbound> <ip-filter action="allow"> <address>22.214.171.124</address> </ip-filter> <base /> </inbound> <backend> <base /> </backend> <outbound> <base /> </outbound> <on-error> <base /> </on-error> </policies>