Stitchflow
Back to directory
GoTo Meeting logo

GoTo Meeting User Management API Guide

API workflow

How to automate user lifecycle operations through APIs with caveats that matter in production.

UpdatedMar 11, 2026

Summary and recommendation

The GoTo Meeting REST API v2 is available at https://api.getgo.com/G2M/rest/v2 and uses OAuth 2.0 with both Authorization Code and Client Credentials flows. Admin-level operations - listing organizers, creating seats, suspending or deleting users - require a Client Credentials token with admin-scoped grants (admin:org.read, identity:scim.user.management); a standard user Authorization Code token cannot perform these operations.

Native SCIM for GoTo Meeting standalone is deprecated and must not be used as a foundation for new integrations; teams requiring SCIM-based identity graph synchronization should route through GoToConnect's Okta SCIM connector instead. The API is well-suited for building provisioning automation and attendance reporting pipelines, but carries several sharp edges that require explicit handling.

API quick reference

Has user APIYes
Auth methodOAuth 2.0 (Authorization Code and Client Credentials flows supported)
Base URLOfficial docs
SCIM availableNo
SCIM plan requiredBusiness/Enterprise – native SCIM in GoToMeeting is deprecated; SCIM is available via GoToConnect (which bundles GoToMeeting) through Okta integration

Authentication

Auth method: OAuth 2.0 (Authorization Code and Client Credentials flows supported)

Setup steps

  1. Register an OAuth application at https://developer.goto.com/
  2. Select GoToMeeting API product and request required scopes during app registration.
  3. Implement Authorization Code flow (for user-delegated access) or Client Credentials flow (for server-to-server/admin access).
  4. Exchange authorization code or client credentials for an access token at https://authentication.logmeininc.com/oauth/token.
  5. Include the access token as a Bearer token in the Authorization header of all API requests.
  6. Access tokens expire; use the returned refresh_token to obtain new access tokens without re-authorization.

Required scopes

Scope Description Required for
collab:meeting:manage Create, update, and delete meetings on behalf of an organizer. Meeting CRUD operations
collab:meeting:read Read meeting details and attendee data. Listing meetings and attendees
identity:scim.user.management Manage users via SCIM-compatible endpoints (GoToConnect/admin context). User provisioning/deprovisioning
admin:org.read Read organization and account-level data including organizer lists. Listing organizers under an account

User object / data model

Field Type Description On create On update Notes
organizerKey string Unique identifier for the organizer/user within GoToMeeting. system-assigned immutable Primary key for organizer-scoped API calls.
accountKey string Identifier of the GoTo account the organizer belongs to. system-assigned immutable Used to scope admin-level queries.
email string Primary email address of the organizer. required updatable Used as login identifier.
firstName string Organizer's first name. required updatable
lastName string Organizer's last name. required updatable
status string Account status of the organizer (e.g., ACTIVE, SUSPENDED). system-assigned updatable via admin Suspending a user revokes meeting hosting rights.
locale string Locale/language preference for the organizer. optional updatable BCP 47 format (e.g., en_US).
timeZone string Organizer's default time zone. optional updatable IANA time zone string.
maxParticipants integer Maximum number of participants allowed in organizer's meetings, determined by plan. system-assigned plan-dependent 150 (Professional), 250 (Business), up to 3000 (Enterprise).
adminRoles array List of administrative roles assigned to the organizer. optional updatable by account admin

Core endpoints

Get current organizer (authenticated user)

  • Method: GET
  • URL: https://api.getgo.com/G2M/rest/v2/organizers/{organizerKey}
  • Watch out for: organizerKey must match the token's subject unless using an admin-scoped token.

Request example

GET /G2M/rest/v2/organizers/{organizerKey}
Authorization: Bearer {access_token}

Response example

{
  "organizerKey": "123456",
  "email": "user@example.com",
  "firstName": "Jane",
  "lastName": "Doe",
  "status": "ACTIVE"
}

List organizers under an account

  • Method: GET
  • URL: https://api.getgo.com/G2M/rest/v2/accounts/{accountKey}/organizers
  • Watch out for: Requires admin-level OAuth token with admin:org.read scope. Standard organizer tokens cannot list peers.

Request example

GET /G2M/rest/v2/accounts/{accountKey}/organizers?limit=50
Authorization: Bearer {access_token}

Response example

{
  "organizers": [
    {"organizerKey": "123", "email": "a@example.com"},
    {"organizerKey": "456", "email": "b@example.com"}
  ],
  "nextPageToken": "abc123"
}

Create organizer (add user to account)

  • Method: POST
  • URL: https://api.getgo.com/G2M/rest/v2/accounts/{accountKey}/organizers
  • Watch out for: A paid organizer seat must be available on the account; otherwise returns 409 or 402.

Request example

POST /G2M/rest/v2/accounts/{accountKey}/organizers
Content-Type: application/json
{
  "email": "new@example.com",
  "firstName": "New",
  "lastName": "User"
}

Response example

{
  "organizerKey": "789",
  "email": "new@example.com",
  "status": "ACTIVE"
}

Update organizer details

  • Method: PUT
  • URL: https://api.getgo.com/G2M/rest/v2/organizers/{organizerKey}
  • Watch out for: Full PUT semantics; omitting optional fields may reset them. Verify field behavior in sandbox.

Request example

PUT /G2M/rest/v2/organizers/{organizerKey}
Content-Type: application/json
{
  "firstName": "Updated",
  "timeZone": "America/New_York"
}

Response example

{
  "organizerKey": "123456",
  "firstName": "Updated",
  "timeZone": "America/New_York"
}

Delete (remove) organizer from account

  • Method: DELETE
  • URL: https://api.getgo.com/G2M/rest/v2/accounts/{accountKey}/organizers/{organizerKey}
  • Watch out for: Deleting an organizer cancels all their scheduled future meetings. This action is irreversible via API.

Request example

DELETE /G2M/rest/v2/accounts/{accountKey}/organizers/{organizerKey}
Authorization: Bearer {access_token}

Response example

HTTP 204 No Content

List meetings for an organizer

  • Method: GET
  • URL: https://api.getgo.com/G2M/rest/v2/organizers/{organizerKey}/meetings
  • Watch out for: status filter values are ACTIVE, INACTIVE, HISTORY. Default returns only upcoming meetings.

Request example

GET /G2M/rest/v2/organizers/{organizerKey}/meetings?status=ACTIVE
Authorization: Bearer {access_token}

Response example

{
  "meetings": [
    {"meetingId": "111", "subject": "Standup", "startTime": "2025-06-01T10:00:00Z"}
  ]
}

Get meeting attendees/report

  • Method: GET
  • URL: https://api.getgo.com/G2M/rest/v2/meetings/{meetingInstanceKey}/attendees
  • Watch out for: Uses meetingInstanceKey (session key), not the recurring meetingId. Attendee data available only after meeting ends.

Request example

GET /G2M/rest/v2/meetings/{meetingInstanceKey}/attendees
Authorization: Bearer {access_token}

Response example

{
  "attendees": [
    {"attendeeEmail": "a@example.com", "joinTime": "2025-06-01T10:02:00Z"}
  ]
}

Suspend organizer

  • Method: PUT
  • URL: https://api.getgo.com/G2M/rest/v2/accounts/{accountKey}/organizers/{organizerKey}/suspend
  • Watch out for: Suspended organizers cannot host meetings but their data and scheduled meetings are retained. Requires account admin token.

Request example

PUT /G2M/rest/v2/accounts/{accountKey}/organizers/{organizerKey}/suspend
Authorization: Bearer {access_token}

Response example

HTTP 200 OK
{
  "organizerKey": "123456",
  "status": "SUSPENDED"
}

Rate limits, pagination, and events

  • Rate limits: GoTo APIs enforce per-application rate limits. Official documentation does not publish exact numeric thresholds publicly; limits are enforced and communicated via HTTP 429 responses.
  • Rate-limit headers: Yes
  • Retry-After header: Yes
  • Rate-limit notes: When rate limited, the API returns HTTP 429 with a Retry-After header indicating seconds to wait. GoTo recommends exponential backoff. Exact per-minute/per-hour limits are not published in official docs.
  • Pagination method: token
  • Default page size: 10
  • Max page size: 100
  • Pagination pointer: nextPageToken / limit
Plan Limit Concurrent
Standard OAuth App Not publicly documented; HTTP 429 returned when exceeded 0
  • Webhooks available: Yes
  • Webhook notes: GoToMeeting supports webhooks (called 'push notifications' in GoTo documentation) for meeting lifecycle events. Webhooks are configured per-organizer or per-account via the developer portal or API.
  • Alternative event strategy: Polling the /meetings and /attendees endpoints is the fallback if webhooks are not configured.
  • Webhook events: meeting.started, meeting.ended, attendee.joined, attendee.left, meeting.created, meeting.deleted

SCIM API status

  • SCIM available: No
  • SCIM version: Not documented
  • Plan required: Business/Enterprise – native SCIM in GoToMeeting is deprecated; SCIM is available via GoToConnect (which bundles GoToMeeting) through Okta integration
  • Endpoint: Not documented

Limitations:

  • Native GoToMeeting SCIM provisioning has been deprecated by GoTo.
  • SCIM user provisioning for GoTo products is available through GoToConnect (the broader platform) via Okta SCIM connector.
  • Entra ID (Azure AD) provisioning is supported via SAML SSO but not a published SCIM endpoint for GoToMeeting standalone.
  • Organizations needing SCIM should evaluate GoToConnect licensing rather than GoToMeeting standalone.

Common scenarios

Three scenarios cover the majority of IT automation use cases. First, organizer provisioning on hire: POST to /accounts/{accountKey}/organizers with a Client Credentials token.

store the returned organizerKey in your identity graph for all downstream API calls. handle 402/409 responses if no seats are available before retrying.

Second, offboarding: GET the organizerKey by email, optionally audit and reassign upcoming meetings via GET /organizers/{organizerKey}/meetings, then DELETE /accounts/{accountKey}/organizers/{organizerKey} - this action immediately cancels all future meetings with no grace period and is irreversible via API.

Third, compliance attendance reporting: iterate HISTORY-status meetings per organizer, then fetch /meetings/{meetingInstanceKey}/attendees per session. note that meetingInstanceKey (session key) is required, not the recurring meetingId, and attendee data is only available after a meeting ends.

Paginate all list responses using the nextPageToken cursor; offset-based pagination is not supported in v2.

Provision a new organizer seat when an employee joins

  1. Obtain a Client Credentials OAuth 2.0 token with admin:org.manage scope.
  2. POST to /accounts/{accountKey}/organizers with email, firstName, lastName.
  3. Store the returned organizerKey in your directory/HR system for future API calls.
  4. Optionally PUT to /organizers/{organizerKey} to set timeZone and locale.

Watch out for: If no organizer seats are available on the account, the POST returns an error. Pre-check seat availability or handle 402/409 responses and trigger a seat-purchase workflow.

Deprovision an organizer when an employee offboards

  1. Obtain a Client Credentials OAuth 2.0 admin token.
  2. GET /accounts/{accountKey}/organizers to find the organizerKey by email.
  3. Optionally GET /organizers/{organizerKey}/meetings to audit and reassign upcoming meetings.
  4. DELETE /accounts/{accountKey}/organizers/{organizerKey} to remove the user.
  5. Confirm HTTP 204 response; log the action in your audit trail.

Watch out for: DELETE immediately cancels all future meetings for that organizer. Reassign or cancel meetings manually before deletion if continuity is required.

Audit meeting attendance for compliance reporting

  1. Obtain an Authorization Code token for the target organizer or an admin token.
  2. GET /organizers/{organizerKey}/meetings?status=HISTORY with date range parameters.
  3. For each returned meetingInstanceKey, GET /meetings/{meetingInstanceKey}/attendees.
  4. Aggregate attendee join/leave times and export to your compliance system.
  5. Use nextPageToken to paginate through large meeting histories.

Watch out for: Attendee data is only available for completed (HISTORY status) meeting instances. Real-time attendee data during live meetings is not available via REST API; use webhooks for live events.

Why building this yourself is a trap

The most consequential caveat is the DELETE behavior: removing an organizer via API cancels every future scheduled meeting instantly, with no warning sent to attendees and no undo path. Teams that do not audit and reassign meetings before deletion will silently break scheduled sessions.

Rate limits are a second operational risk - GoTo does not publish numeric thresholds publicly; the API returns HTTP 429 with a Retry-After header, and any integration that does not implement exponential backoff will fail unpredictably under load.

A third structural caveat: organizerKey and accountKey are numeric strings and must be handled as strings in all languages to avoid integer overflow. Finally, the OAuth token issuer is https://authentication.logmeininc.com/oauth/token (the unified LogMeIn/GoTo auth layer), not a GoTo Meeting-specific endpoint - misconfiguring this is a common integration failure point.

Automate GoTo Meeting workflows without one-off scripts

Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.

Every app coverage, including apps without APIs
60+ app integrations plus browser automation for apps without APIs
IT graph reconciliation across apps and your IdP
Less than a week to launch, maintained as APIs and admin consoles change
SOC 2 Type II. ~2 hours of your team's time
Book a Demo

UpdatedMar 11, 2026

* Details sourced from official product documentation and admin references.

Keep exploring

Related apps

Abnormal Security logo

Abnormal Security

API Only
AutomationAPI only
Last updatedMar 2026

Abnormal Security is an enterprise email security platform focused on detecting and investigating threats such as phishing, account takeover (ATO), and vendor email compromise. It does not support SCIM provisioning, which means every app in your stack

Admin guideAPI guide
ActiveCampaign logo

ActiveCampaign

API Only
AutomationAPI only
Last updatedFeb 2026

ActiveCampaign uses a group-based permission model: every user belongs to exactly one group, and all feature-area access (Contacts, Campaigns, Automations, Deals, Reports, Templates) is configured at the group level, not per individual. The default Adm

Admin guideAPI guide
ADP logo

ADP

API Only
AutomationAPI only
Last updatedFeb 2026

ADP Workforce Now is a mid-market to enterprise HCM platform that serves as the HR source of record for employee data — payroll, benefits, time, and talent. User access is governed by a hybrid permission model: predefined security roles (Security Maste

Admin guideAPI guide