POST /v1/calendar/connect/{provider}
Returns a one-time OAuth redirect URL. provider ∈ {google, microsoft}. State carries your customer_user_id round-trip.
04 · calendar integration api
M2 foundation shipped · sync + rules Q3 2026Calendar in, bots out.
Connect your users' Google Calendar or Outlook account once. We sync events, evaluate the rules you defined, and dispatch a recording bot at the right minute. Free — you only pay for the $0.30/hr of recording you actually consume.
overview
Why this exists.
Why this exists. Recall's biggest moat is that they hold their customers' end-users' OAuth tokens for them, so the customer never has to build OAuth twice. We replicate that in M2: POST /api/v1/calendar/connect/google and /connect/microsoft return a redirect URL your user clicks; on success we hand back an opaque meetbot_calendar_user_id you store on your side. We keep their refresh token, encrypted at rest with a per-tenant KMS-derived key.
From there: a background job polls Google Calendar Events API and MS Graph /me/events every five minutes per connected user, dedupes by iCalUid, and evaluates your recording rules. Rules are JSON: "record all internal meetings", "skip 1:1s with my manager", "always record meetings with @customer.com domains". When a rule matches, we schedule the bot for join-time minus 90 seconds. You get the same signed webhook on completion as if you'd dispatched the bot yourself.
Multi-tenant by design. Your tenant id, your end-user's id, your rules, your retention policy — all isolated, all visible in the meetbot admin under your account. EU-hosted by default with SCCs in the DPA; US region available on request. We're applying for Google Workspace Marketplace verification so your end-users see your app name in the consent screen, not ours.
honest scope
Where calendar integration stands today.
The plumbing is in. The user-facing surface is not. M2 (Jun–Jul 2026) lands the four OAuth route skeletons + token-encryption helper; Q3 lands the full sync engine and the rules editor.
works today
OAuth route skeletons (M2 wave)
/api/v1/calendar/connect/google + /connect/microsoft route handlers exist (currently behind a feature flag). Token redirect round-trip works; refresh-token storage encrypted with the per-tenant KMS-derived key.
Calendar-invite intake (today's path)
Add bot@meetbot.dev to any meeting invite — our Cloudflare email worker parses the .ics attachment and dispatches a bot at join-time. Used by every meetbot account today.
Per-tenant token encryption helper
Refresh tokens are AES-256-GCM at rest with a key derived from the per-tenant KEK. Database admins cannot read them; only the orchestrator's runtime KMS principal can.
not yet
Background sync job (every 5 min, dedupe by iCalUid)
Q3 2026. The pg-boss schedule + the Microsoft Graph + Google Calendar pollers are designed but not wired.
JSON rules engine
Q3 2026. Predicates over event metadata: domain, attendee count, organizer, title regex, recurrence rules. Rules editor UI ships in /account/calendar.
Google Workspace Marketplace + Microsoft AppSource listings
Q3–Q4 2026. So your end-users see your app name on the OAuth consent screen, not ours. Verification process started.
Edit/cancel propagation to scheduled bots
Q3 2026. When the calendar event moves, the scheduled bot dispatch moves with it.
M2 calendar V2 foundation is shipped (4 OAuth route skeletons + token-encryption helper). Full sync engine + rules editor land in Q3 — see roadmap at /docs/ROADMAP.md.
planned surface
Spec, in the open.
GET /v1/calendar/users/{id}/events
Synced events for one of your end-users. Paginated, watermark-able, includes meeting URL extraction (Meet/Teams/Zoom).
PUT /v1/calendar/users/{id}/rules
Set the recording rules for one user. JSON predicate over event metadata: domain, attendee count, organizer, title regex.
Background sync job
Every 5 minutes per connected user. Dedupes by iCalUid. Edits/cancellations propagate to scheduled bot dispatches.
Encryption at rest
Refresh tokens encrypted with per-tenant KMS-derived keys. Our DBAs cannot read your tokens; only the orchestrator's runtime KMS principal can.
Marketplace listings
Google Workspace Marketplace + Microsoft AppSource verified listings (in progress) so your users see your app name on the OAuth consent screen.