How to Integrate GoToMeeting with V0

Before writing any code, you need to register an OAuth application in the GoToMeeting developer portal. This step is required because GoToMeeting's API uses OAuth 2.0 — your application needs an identity (Client ID and Client Secret) before users can authorize it to act on their behalf. Go to developer.goto.com and sign in with your GoToMeeting account. Navigate to 'My Apps' and click 'Create App'. Give your app a name that users will see on the authorization screen (something like 'My CRM App'). Under 'OAuth 2.0 Grants', select 'Authorization Code' — this is the flow you will implement for a web application. The critical configuration step is setting the Redirect URI. This is the URL GoToMeeting will send users back to after they authorize your app. For your Vercel deployment, this should be https://your-project.vercel.app/api/gotomeeting/callback. For local development, you will need to add http://localhost:3000/api/gotomeeting/callback as a separate redirect URI — GoToMeeting allows multiple redirect URIs per application. After creating the app, you will see a Client ID (also called Consumer Key) and a Client Secret (Consumer Secret). Copy both values — you will add them as environment variables in Vercel. The Client Secret must be treated like a password and should never appear in client-side code or be committed to your repository. GoToMeeting's developer program is available to all paid account holders. If you are on a free trial or organizational account, check with your administrator that API access is enabled for your account.

With your GoToMeeting app registered, prompt V0 to generate the front-end components for your meeting scheduling interface. The UI needs to handle three different states clearly: before the user has connected their GoToMeeting account, during the OAuth authorization flow, and after authorization when they can schedule meetings. For the pre-authorization state, V0 should generate a simple card or section with a 'Connect GoToMeeting Account' button. This button will link to a route at /api/gotomeeting/auth that redirects the user to GoToMeeting's authorization page. For the meeting scheduling form (post-authorization), V0 should generate a form with fields for the meeting subject, start date and time, duration in minutes, and optionally the meeting description. The form should POST to /api/gotomeeting/create and display the returned join URL in a success state — ideally with a copy-to-clipboard button and a button to schedule another meeting. For the meetings list view, ask V0 to generate a table or card list that fetches upcoming meetings from /api/gotomeeting/meetings. Each meeting row should show the subject, scheduled time, and join link, plus a delete/cancel button. Since V0 generates the component with your specified API routes, it will wire up the fetch calls. Review the generated code to confirm that the authorization redirect (for the 'Connect' button) uses window.location.href to do a full-page redirect rather than a fetch call — the OAuth flow requires a real browser redirect, not an AJAX request.

GoToMeeting uses OAuth 2.0 authorization code flow. This requires two API routes: one that initiates the flow by redirecting to GoToMeeting's authorization page, and one that handles the callback after the user approves. The authorization initiation route (app/api/gotomeeting/auth/route.ts) builds the GoToMeeting authorization URL with your Client ID, the redirect URI, and the required scope. GoToMeeting's scopes include 'meetings:read', 'meetings:write', and 'users:read' — for a meeting scheduler, you need at minimum meetings:write. Redirect the user to GoToMeeting's authorization endpoint at https://authentication.logmeininc.com/oauth/authorize. The callback route (app/api/gotomeeting/callback/route.ts) receives the authorization code from GoToMeeting after the user approves. It must exchange this code for an access token by making a POST request to GoToMeeting's token endpoint at https://authentication.logmeininc.com/oauth/token with your client credentials and the authorization code. The response includes an access_token (valid for a limited time) and a refresh_token (long-lived, used to get new access tokens). Storing the access token securely is critical. The recommended approach for a Next.js app is to set an HTTP-only cookie that stores the access token — this prevents JavaScript from reading the token while keeping it available for server-side API routes. For a multi-user app, you would store tokens in a database keyed to the user's session, but for a single-organizer app a secure cookie is sufficient. The state parameter in OAuth is a security measure against CSRF attacks. Generate a random string before redirecting to GoToMeeting, store it in a cookie, and verify it matches when GoToMeeting sends back the callback. If the state does not match, reject the callback.

1// app/api/gotomeeting/auth/route.ts
2import { NextRequest, NextResponse } from 'next/server';
3import { randomBytes } from 'crypto';
4
5export async function GET(request: NextRequest) {
6  const state = randomBytes(16).toString('hex');
7  
8  const params = new URLSearchParams({
9    client_id: process.env.GOTOMEETING_CLIENT_ID!,
10    redirect_uri: `${process.env.NEXT_PUBLIC_BASE_URL}/api/gotomeeting/callback`,
11    response_type: 'code',
12    scope: 'meetings:read meetings:write',
13    state,
14  });
15
16  const authUrl = `https://authentication.logmeininc.com/oauth/authorize?${params.toString()}`;
17  
18  const response = NextResponse.redirect(authUrl);
19  // Store state in cookie for CSRF verification
20  response.cookies.set('gtm_oauth_state', state, {
21    httpOnly: true,
22    secure: process.env.NODE_ENV === 'production',
23    maxAge: 600, // 10 minutes
24    sameSite: 'lax',
25  });
26  
27  return response;
28}

With OAuth working, create the API routes that create meetings and fetch meeting lists. These routes read the access token from the cookie you set during the OAuth callback and use it to call GoToMeeting's meeting APIs. GoToMeeting's Meetings API base URL is https://api.getgo.com/G2M/rest. To create a meeting, POST to /meetings with the organizer's key in the URL path and the meeting details in the JSON body. The organizer key is the GoToMeeting user's unique identifier — you can get it from the /me endpoint after authentication. For meeting creation, the request body requires subject (meeting name), starttime and endtime (ISO 8601 format), and optionally passwordRequired and conferenceCallInfo settings. The response includes the meeting's joinURL, meetingId, and conferenceCallInfo with the dial-in phone numbers. The GET /meetings route returns a list of upcoming meetings for the organizer. It accepts optional startDate and endDate query parameters as ISO 8601 timestamps. To delete a meeting, send a DELETE request to /meetings/{meetingId}. All of these API calls require the access token from GoToMeeting in the Authorization header as 'Bearer {access_token}'. If the access token has expired, you will receive a 401 response — use the refresh token to obtain a new access token and retry the request. Token expiration handling adds complexity to the integration but is necessary for production reliability. Handle edge cases in your API routes: the access token might be missing (user has not authorized), expired (needs refresh), or revoked (user disconnected the app). Return appropriate error messages that let your V0 UI show the correct state to the user.

1// app/api/gotomeeting/create/route.ts
2import { NextRequest, NextResponse } from 'next/server';
3
4export async function POST(request: NextRequest) {
5  const accessToken = request.cookies.get('gtm_token')?.value;
6
7  if (!accessToken) {
8    return NextResponse.json(
9      { error: 'Not authorized. Please connect your GoToMeeting account.' },
10      { status: 401 }
11    );
12  }
13
14  try {
15    const { subject, startTime, endTime } = await request.json();
16
17    if (!subject || !startTime || !endTime) {
18      return NextResponse.json(
19        { error: 'subject, startTime, and endTime are required' },
20        { status: 400 }
21      );
22    }
23
24    // First, get the organizer key from the /me endpoint
25    const meResponse = await fetch('https://api.getgo.com/G2M/rest/me', {
26      headers: { Authorization: `Bearer ${accessToken}` },
27    });
28
29    if (!meResponse.ok) {
30      return NextResponse.json(
31        { error: 'Failed to get organizer information. Token may be expired.' },
32        { status: 401 }
33      );
34    }
35
36    const me = await meResponse.json();
37    const organizerKey = me.key;
38
39    // Create the meeting
40    const meetingResponse = await fetch(
41      `https://api.getgo.com/G2M/rest/organizers/${organizerKey}/meetings`,
42      {
43        method: 'POST',
44        headers: {
45          Authorization: `Bearer ${accessToken}`,
46          'Content-Type': 'application/json',
47        },
48        body: JSON.stringify({
49          subject,
50          starttime: new Date(startTime).toISOString(),
51          endtime: new Date(endTime).toISOString(),
52          passwordRequired: false,
53          conferenceCallInfo: 'Hybrid',
54          meetingType: 'scheduled',
55        }),
56      }
57    );
58
59    if (!meetingResponse.ok) {
60      const error = await meetingResponse.json();
61      return NextResponse.json(
62        { error: error.msg || 'Failed to create meeting' },
63        { status: meetingResponse.status }
64      );
65    }
66
67    const meeting = await meetingResponse.json();
68    const meetingData = Array.isArray(meeting) ? meeting[0] : meeting;
69
70    return NextResponse.json({
71      meetingId: meetingData.meetingId,
72      joinUrl: meetingData.joinURL,
73      subject: meetingData.subject,
74      startTime: meetingData.startTime,
75      endTime: meetingData.endTime,
76    });
77  } catch (error) {
78    console.error('GoToMeeting create error:', error);
79    return NextResponse.json(
80      { error: 'Failed to create meeting' },
81      { status: 500 }
82    );
83  }
84}

Add your GoToMeeting OAuth credentials to Vercel's environment configuration. Go to Vercel Dashboard → your project → Settings → Environment Variables and add: GOTOMEETING_CLIENT_ID: The Client ID (Consumer Key) from your GoToMeeting developer app. GOTOMEETING_CLIENT_SECRET: The Client Secret (Consumer Secret) from your GoToMeeting developer app. This is server-only — no NEXT_PUBLIC_ prefix. NEXT_PUBLIC_BASE_URL: Your Vercel deployment URL (e.g., https://your-project.vercel.app). This is used to construct the OAuth callback URL. It needs the NEXT_PUBLIC_ prefix only if your client-side code also reads it for navigation purposes. After adding variables and redeploying, test the full OAuth flow: click 'Connect GoToMeeting', log in with a GoToMeeting account on the authorization page, approve the app, and verify you land back on your app with the gtm_token cookie set. Then try scheduling a test meeting — the form should create a meeting and return a functional join URL. Common issues at this stage include the redirect URI mismatch error (the URI in your Vercel environment must exactly match what you registered in the developer portal), and the token not being available after the OAuth callback (verify the cookie is being set with the correct domain and that your callback route is returning the redirect to the right page). For production GoToMeeting integrations with multi-user support and persistent token storage, RapidDev's team can help architect the full authentication system with token refresh and database-backed session management.