Integration Security
ReGenesis integrates with seven external platforms to deliver its core functionality. Each integration is secured with OAuth 2.0, least-privilege scopes, encrypted token storage, and comprehensive audit logging. Users have full transparency and control over which integrations are active and what data flows through them.
Integration Map
| Integration | Purpose | Auth Method | Risk Level |
|---|---|---|---|
| Zoom | Session recording + transcription | OAuth 2.0 | High (raw session data) |
| Google Meet | Session recording + transcription | OAuth 2.0 | High (raw session data) |
| Google Calendar | Session scheduling, reminders | OAuth 2.0 | Medium (schedule data) |
| Gmail | Follow-up emails, notifications | OAuth 2.0 | High (email content) |
| Google Drive | Document sharing, resources | OAuth 2.0 | Medium (file access) |
| Slack | Notifications, quick check-ins | OAuth 2.0 | Low (notifications only) |
| Microsoft Teams | Session recording, notifications | OAuth 2.0 | High (session data) |
| Stripe | Billing, subscription management | API Key + Webhooks | Medium (payment data) |
Security Guarantees
- All tokens encrypted at rest with AWS KMS
- Least-privilege scopes: only the minimum permissions needed are requested
- Users can revoke any integration at any time
- All integration activity is logged in the audit trail
- Webhook signatures validated on every incoming event
- Periodic access reviews (quarterly)
How Integrations Work
The OAuth 2.0 Flow
When a user connects an integration (e.g., Zoom), here is what happens:
- User clicks "Connect Zoom" in their settings
- Redirect to Zoom: The user is sent to Zoom's authorization page
- User grants permissions: The user sees exactly what scopes are being requested and approves
- Zoom sends back a code: ReGenesis exchanges this for access + refresh tokens
- Tokens are encrypted and stored: Using AWS KMS, in the `integration_tokens` table
- Integration is active: ReGenesis can now access Zoom on behalf of the user
Least-Privilege Scopes
ReGenesis requests the absolute minimum permissions for each integration:
Zoom
- `recording:read` — Download session recordings
- `meeting:read` — Get meeting metadata (time, duration, participants)
- `user:read` — Verify the user's Zoom identity
- NOT requested: `meeting:write`, `user:write`, `chat:write`
Google Calendar
- `calendar.events.readonly` — Read upcoming sessions
- `calendar.events` — Create/modify coaching sessions (only in Act mode with approval)
- NOT requested: full calendar access, access to other calendars
Gmail
- `gmail.send` — Send follow-up emails (only in Act mode with approval)
- `gmail.readonly` — Read email threads related to coaching (for context)
- NOT requested: `gmail.modify`, `gmail.compose`
Google Drive
- `drive.file` — Access only files that ReGenesis creates or that the user explicitly shares
- NOT requested: `drive` (full drive access)
Slack
- `chat:write` — Send notifications to the user
- `users:read` — Verify Slack identity
- NOT requested: `channels:read`, `channels:history`
Microsoft Teams
- `OnlineMeetings.Read` — Access meeting recordings
- `Chat.ReadWrite` — Send notification messages
- NOT requested: `Mail.ReadWrite`, `Files.ReadWrite`
Stripe
- API key with restricted permissions
- Can only: create customers, manage subscriptions, process payments
- Cannot: refund, transfer, access other Stripe resources
User Control Panel
Every user has an "Integrations" page in their settings where they can:
- See which integrations are connected
- See when each token was last used
- See what scopes are granted
- Disconnect any integration instantly
- View integration activity logs
What Happens When a User Disconnects
When a user disconnects an integration:
- The access and refresh tokens are immediately revoked with the provider
- The encrypted tokens are deleted from the database
- Any pending actions using that integration are cancelled
- An audit log entry records the disconnection
- The user is notified that disconnection is complete
Integration Data Flow
Integration tokens are encrypted with AWS KMS before storage. The application NEVER stores plaintext tokens. Even database administrators cannot read token values — decryption requires KMS access which is logged and restricted to the Integration Service IAM role.
All webhook handlers include timestamp validation. Zoom, Slack, and Teams webhooks older than 5 minutes are rejected. Stripe webhooks include their own timestamp validation via the signature. This prevents replay attacks where an attacker re-sends a captured webhook.
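The timestamp-plus-signature check described above, as an added example that is not ReGenesis code. It follows Slack's documented request-signing scheme (`v0:<timestamp>:<body>` under HMAC-SHA256); the function names, the secret and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 5 * 60  # the 5-minute window this page states


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    # Slack's documented scheme: HMAC-SHA256 over "v0:<timestamp>:<raw body>".
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(secret, base, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, body, signature, now=None):
    """Return (accepted, reason) for one request; hypothetical helper name."""
    now = time.time() if now is None else now
    # Reject a missing or non-numeric X-Slack-Request-Timestamp header.
    if not (isinstance(timestamp, str) and timestamp.isascii() and timestamp.isdigit()):
        return False, "bad_timestamp"
    # Reject anything outside the window, in the past or in the future.
    if abs(now - int(timestamp)) > MAX_AGE_SECONDS:
        return False, "stale_timestamp"
    # The MAC covers the timestamp, so a captured request cannot simply be
    # given a fresh timestamp. Compare in constant time, on bytes.
    expected = sign(secret, timestamp, body).encode()
    if not hmac.compare_digest(expected, (signature or "").encode()):
        return False, "bad_signature"
    return True, "ok"


def demo():
    secret = b"constructed-signing-secret"  # constructed, not a real secret
    body = b'{"type":"event_callback","event_id":"Ev-CONSTRUCTED"}'
    t0 = 1_700_000_000
    sig = sign(secret, str(t0), body)
    return {
        "fresh": verify_webhook(secret, str(t0), body, sig, now=t0 + 30),
        "replayed_late": verify_webhook(secret, str(t0), body, sig, now=t0 + 301),
        "timestamp_rewritten": verify_webhook(secret, str(t0 + 301), body, sig, now=t0 + 301),
        "body_tampered": verify_webhook(secret, str(t0), body + b" ", sig, now=t0 + 30),
        "header_missing": verify_webhook(secret, None, body, sig, now=t0 + 30),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} {result}")
```

A request replayed inside the 5-minute window still verifies; de-duplicating on the provider's event ID covers that case.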
Users can see exactly what scopes each integration has in their settings panel. When ReGenesis updates its scope requirements (e.g., adding a new capability), users are prompted to re-authorize — the platform never silently expands permissions.