Authentication
The MaxConf API uses the Microsoft Entra ID (Azure AD) OAuth 2.0 client credentials flow. Consumers authenticate by requesting an access token from the Microsoft identity platform, then pass it as a Bearer token on subsequent API requests.
Authentication flow
```mermaid
sequenceDiagram
    participant Consumer as API Consumer
    participant Entra as Microsoft Entra ID
    participant APIM as API Management
    participant FA as Function App
    Consumer->>Entra: POST /oauth2/v2.0/token<br/>(client_id, client_secret, scope)
    Entra-->>Consumer: access_token (JWT, expires_in: 3599)
    Consumer->>APIM: GET /room/create<br/>Authorization: Bearer {token}
    APIM->>APIM: Validate JWT signature & claims
    APIM->>FA: Forward request
    FA-->>Consumer: 200 OK (room details)
```
Token endpoint
All environments use the same Microsoft Entra ID tenant:

```
POST https://login.microsoftonline.com/953fc14a-00c7-4452-a2fb-0a73070de7f3/oauth2/v2.0/token
```

Request parameters
| Parameter | Value |
|---|---|
| grant_type | client_credentials |
| client_id | Service principal Application (client) ID |
| client_secret | Current client secret value |
| scope | api://{client_id}/.default |
Client IDs by environment
| Environment | Application (Client) ID |
|---|---|
| Test/Edge (DEV, DEV2, SIT) | d802c929-6984-48f9-81d1-ff8770c65bde |
| Test (QA, PREPROD, Test) | 9f0c40e1-6c03-40c1-8035-78bfcd8fed1b |
| Production | a154a158-92d0-4d3c-a756-95d811001574 |
Sample token request
```bash
curl -X POST \
  "https://login.microsoftonline.com/953fc14a-00c7-4452-a2fb-0a73070de7f3/oauth2/v2.0/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=d802c929-6984-48f9-81d1-ff8770c65bde" \
  -d "client_secret={SECRET_VALUE}" \
  -d "scope=api://d802c929-6984-48f9-81d1-ff8770c65bde/.default"
```

Sample token response
```json
{
  "token_type": "Bearer",
  "expires_in": 3599,
  "ext_expires_in": 3599,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIs..."
}
```

The expires_in value of 3599 seconds means the token is valid for approximately 1 hour. Consumers should cache the token and request a new one only when the current token is expired or about to expire.
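The caching advice above as a Python client (an added example, not MaxConf or Microsoft code). The `TokenCache` class, its 300-second `skew` and the injectable `fetch`/`clock` parameters are assumptions of this example; the tenant ID, form parameters and scope format are the ones documented on this page.

```python
import json
import threading
import time
import urllib.parse
import urllib.request

TENANT_ID = "953fc14a-00c7-4452-a2fb-0a73070de7f3"  # tenant from this page
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"


def fetch_token(client_id, client_secret):
    """POST the client-credentials form to Entra ID and return the parsed JSON."""
    form = urllib.parse.urlencode({  # urlencode escapes special characters in the secret
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"api://{client_id}/.default",
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=form)  # data present, so this is a POST
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: caches one token, renews `skew` seconds before expiry."""

    def __init__(self, client_id, client_secret, fetch=fetch_token, skew=300, clock=time.monotonic):
        self._creds = (client_id, client_secret)
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._renew_at = None, 0.0

    def authorization_header(self):
        with self._lock:  # only one thread refreshes at a time
            now = self._clock()
            if self._token is None or now >= self._renew_at:
                body = self._fetch(*self._creds)
                if body.get("token_type") != "Bearer" or not body.get("access_token"):
                    raise RuntimeError("unexpected token response")  # body is never logged
                lifetime = int(body["expires_in"])
                # For short lifetimes, never let the skew push renewal into the past.
                self._renew_at = now + max(lifetime - self._skew, lifetime / 2)
                self._token = body["access_token"]
            return {"Authorization": f"Bearer {self._token}"}
```

With the documented `expires_in` of 3599 and the default skew, the cache requests a new token 3299 seconds after the previous one; the client secret should come from a secret store or environment variable rather than source code.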
Using the token
Include the access token in the Authorization header of every API request:

```
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIs...
```

Public endpoints
The following endpoints do not require OAuth 2.0 authentication:
| Endpoint | Authentication |
|---|---|
| GET /public/room/{room_name} | x-auth-token header (Genesys Cloud bearer token) |
| POST /public/event_sink | HTTP Basic (eventsink credentials) |
| GET /public/health | None |
These endpoints are separated into the /public prefix and use alternative authentication mechanisms appropriate to their consumers (Genesys Cloud widgets and Pexip event hooks).