Recently, Microsoft announced the preview of Azure Private Link support for Azure API Management service, a fully-managed service that enables customers to publish, secure, transform, maintain, and monitor APIs. 

With the Private Link support, customers can now configure a private endpoint for their API Management instance to allow clients in their private network to securely access the instance over Azure Private Link. Moreover, communications between the customers’ virtual network and the Azure API Management gateway travel over the Microsoft backbone network privately and securely, eliminating the need to expose the service to the public internet. Earlier, only the Developer and Premium tiers of API Management supported VNET integration. However, with the Private Link support, customers can privately integrate with clients in a virtual network, using the API Management tiers- Developer, Basic, Standard, and Premium.

Customers can use Azure Private Link to create a private endpoint for the gateway component, which will be accessible via a private IP address within their virtual network. This endpoint allows inbound traffic to the private IP address to reach the Azure API Management gateway. 

Source: https://azure.microsoft.com/en-us/blog/secure-your-apis-with-private-link-support-for-azure-api-management/

Jeff Hollan, director of product for Azure Apps at Microsoft, tweeted: 

Often with PaaS services, the hardware itself isn’t running in your private network. So you don’t have like a dedicated IP or VM. Private Link lets you secure traffic through a VNet, even in those cases. More a different approach/way of trying to provide similar functionality. So, in this case - now the "basic" tier of APIM can have secured VNet inbound requests.

In addition, Fernando Mejia, a senior program manager, Azure API Management, stated in an Azure blog post on the Private Link support for API Management:

With the preview of Azure Private Link for Azure API Management, you are now empowered to bring your Azure API Management instances to a virtual network using the same consistent experience of other Azure PaaS services. You can create and manage private endpoints for the gateway of your Azure API Management instance. We will be sharing more updates and content in the future, so stay tuned for new updates towards the general availability of this feature.

Currently, Microsoft will only support inbound traffic coming to the gateway, instances using the STV2 compute platform, all pricing tiers except consumption, and Azure Private Link is limited to instances not using virtual network injection (internal or external).