Legal Meeting Automator
One-click scheduling & recording distribution via Zoom API
Zoom OAuth (Integration)
Zoom Webhooks (Event Driven)
HMAC Payload Validation (Security)
Zero Manual Coordination (Outcome)
Project overview
A seamless integration built for legal firms to automate the entire lifecycle of virtual hearings. With one click, it schedules a Zoom meeting with strict legal settings, and upon completion, automatically sends the recorded links to all attendees via email.
The problem
Legal firms were losing significant administrative time to manually scheduling Zoom hearings, checking that the correct security settings were applied (these are critical for legal compliance), and later downloading and emailing recording links by hand. Mistakes in settings or missed recordings could compromise a hearing.
The solution
I built an automation service that acts as middleware between the firm's internal scheduling tool and Zoom. When a hearing is requested, the system uses the Zoom API to generate a meeting with pre-defined legal templates. A webhook endpoint listens for the `recording.completed` event from Zoom and automatically dispatches the links to the registered participants via an email API.
Architecture
The system uses a lightweight FastAPI server to handle incoming webhook payloads from Zoom. The scheduling module communicates with the Zoom API using Server-to-Server OAuth credentials. Email dispatch is handled via a transactional email provider (such as SendGrid). All sensitive tokens and API keys are supplied through environment variables rather than stored in code.
Engineering Deep Dive
Challenges Faced
Zoom's API authentication changed from JWT to Server-to-Server OAuth, requiring a robust token management strategy. Additionally, webhook payloads from Zoom must be verified securely to ensure they aren't spoofed by malicious actors.
Techniques Used
I implemented an OAuth token manager that caches the access token and automatically refreshes it before expiration. For webhook security, I utilized Zoom's Webhook Secret Token to validate the HMAC SHA-256 signature on incoming requests.
Why This Technology?
Python/FastAPI is ideal for building quick, reliable webhook listeners due to its speed and Pydantic validation. The Zoom API was the only logical choice since the firm already utilized Zoom as their primary communication platform.
Technical deep-dive
The webhook validation logic was crucial for security. When a request hits the `/webhook/zoom` endpoint, the server extracts the `x-zm-signature` and `x-zm-request-timestamp` headers. It verifies the timestamp to prevent replay attacks and recalculates the HMAC signature using the local secret. Only if the signatures match does the server process the recording data and trigger the async email dispatch task.
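The check described above, as an added standard-library sketch (not the project's own code) that follows Zoom's `v0:{timestamp}:{body}` signing format. The function names, the 300-second freshness window and the sample secret and payload are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumption: freshness window, not specified on the page

# Constructed sample values, not real credentials or a captured payload.
SAMPLE_SECRET = "example-webhook-secret-token"
SAMPLE_BODY = b'{"event":"recording.completed","payload":{"object":{"id":123}}}'


def sign(secret: str, timestamp: str, raw_body: bytes) -> str:
    """Build the value expected in x-zm-signature: 'v0=' + HMAC-SHA256 hex."""
    message = b"v0:" + timestamp.encode() + b":" + raw_body
    return "v0=" + hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()


def verify_zoom_webhook(secret, headers, raw_body, now=None):
    """Return (ok, reason). `headers` maps lower-cased header names to values.

    `raw_body` must be the exact bytes received; re-serialising parsed JSON
    can change whitespace or key order and break the signature.
    """
    signature = headers.get("x-zm-signature")
    timestamp = headers.get("x-zm-request-timestamp")
    if not signature or not timestamp:
        return False, "missing header"
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False, "malformed timestamp"
    now = time.time() if now is None else now
    # Timestamp is in epoch seconds; reject old (replayed) and far-future values.
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign(secret, timestamp, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode("utf-8", "replace")):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    ts = str(int(time.time()))
    good = {"x-zm-signature": sign(SAMPLE_SECRET, ts, SAMPLE_BODY),
            "x-zm-request-timestamp": ts}
    print(verify_zoom_webhook(SAMPLE_SECRET, good, SAMPLE_BODY))
    print(verify_zoom_webhook(SAMPLE_SECRET, good, SAMPLE_BODY + b" "))
    old = {**good, "x-zm-request-timestamp": str(int(ts) - 3600)}
    print(verify_zoom_webhook(SAMPLE_SECRET, old, SAMPLE_BODY))
```

A request captured inside the freshness window still verifies, so the handler that sends the emails should also be safe to run twice for the same event.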
What was built
Automated end-to-end meeting scheduling via the Zoom REST API
Enforced strict security configurations (waiting rooms, no-join-before-host) automatically
Implemented a webhook listener to catch recording-completed events
Automated email distribution of secure recording links to participants
Outcome
Eliminated back-and-forth coordination and manual link sharing entirely. The system ensures 100% compliance with the firm's required meeting security settings and guarantees that recordings are never lost or forgotten.