Skip to content

Environments & Base URLs

The MaxConf API is deployed to multiple isolated environments, each with its own Azure Function App, API Management instance, and backend Pexip nodes.

graph TD
    subgraph Test Environment
        APIM_T[API Management<br/>api.test.vc.maxconf.ca]
        EDGE[Function App<br/>Edge Slot]
        TEST[Function App<br/>Test Slot]
        PEXIP_T[Pexip Infinity<br/>management.test.vc.maxconf.ca]
    end

    subgraph Production Environment
        APIM_P[API Management<br/>api.vc.maxconf.ca]
        STAGING[Function App<br/>Staging Slot]
        PROD[Function App<br/>Production Slot]
        PEXIP_P[Pexip Infinity<br/>management.vc.maxconf.ca]
    end

    APIM_T -->|/edge/*| EDGE
    APIM_T -->|/*| TEST
    EDGE --> PEXIP_T
    TEST --> PEXIP_T

    APIM_P -->|/*| PROD
    STAGING -.->|swap| PROD
    PROD --> PEXIP_P
EnvironmentBase URLPurpose
Testhttps://api.test.vc.maxconf.caIntegration testing for IDIM DEV2, SIT, QA, PREPROD, Test
Test (Edge)https://api.test.vc.maxconf.ca/edgePre-test surface for Maximus developers
Productionhttps://api.vc.maxconf.caLive service for BCSC Production

All endpoints are routed through Azure API Management, which handles TLS termination, rate limiting, and subscription key validation before forwarding to the underlying Function App.

Each MaxConf API environment serves specific IAS (Identity Assurance Services) environments. The IDIM server infrastructure in each IAS environment is the direct consumer of the MaxConf API - it calls POST /room/create to provision rooms, then provides the connection details to the BCSC mobile app.

MaxConf APIPexip InfinityIAS EnvironmentsBCSC Mobile App
Test (Edge)TestDEVNone
TestTestDEV2, SIT, QA, PREPROD, TestBCSC DEV, QA, Test
ProductionProductionProductionBCSC Production

API Management applies the following policies:

  • TLS 1.2+ enforced on all inbound connections
  • Subscription key required via Ocp-Apim-Subscription-Key header (for private endpoints only)
  • OAuth2.0 token validation - tokens are validated against Microsoft Entra ID before reaching the Function App
  • Rate limiting - configurable per subscription
  • CORS - restricted to known consumer origins
graph LR
    Consumer[IDIM Server Infrastructure] -->|HTTPS + Bearer Token| APIM[Azure API Management]
    APIM -->|Function Key| FA[Azure Function App]
    FA -->|OAuth2.0 JWT| PEXIP[Pexip Management API]
    FA -->|Managed Identity| KV[Azure Key Vault]
    FA -->|Managed Identity| QUEUE[Azure Storage Queue]

The Function App uses its own service-to-service credentials (OAuth2.0 JWT via client credentials) to authenticate with the Pexip Management API. These credentials are separate from those issued to API consumers.