fix: update zoom RTMS start endpoint to use a PATCH request

[CyberwizD]

Description

Adds secure Zoom OAuth handling and fixes backend-controlled RTMS start requests. This patch validates OAuth state before token exchange, encrypts stored Zoom OAuth tokens, handles Zoom network errors consistently, and updates the RTMS control client to call Zoom’s required PATCH /live_meetings/{meetingId}/rtms_app/status endpoint.

Type of Change

• feat — New feature
• fix — Bug fix
• refactor — Code refactoring (no functional change)
• docs — Documentation update
• test — Adding or updating tests
• chore — Maintenance (dependencies, CI, tooling)

Related Issue

Closes #

Changes Made

• Added signed Zoom OAuth authorization URL generation and state validation before exchanging OAuth codes.
• Added encrypted storage for Zoom access and refresh tokens using SDK_TOKEN_ENCRYPTION_KEY.
• Added explicit encrypted token columns with plaintext model properties for safe token access.
• Added network error handling for Zoom OAuth and RTMS control API calls.
• Updated RTMS control client to call Zoom with PATCH instead of POST.
• Added env examples for OAuth state secret and token encryption key.
• Updated SDK docs with the secure OAuth and RTMS start flow.
• Added tests for OAuth state validation, token encryption round trips, null refresh tokens, and RTMS control payloads.

Proof of Work

API Response / Screenshots

GET /api/v1/zoom/oauth/authorize-url
Status: 200 OK

{
  "authorization_url": "https://zoom.us/oauth/authorize?response_type=code&client_id=...&redirect_uri=...&state=...",
  "state": "signed-state-value"
}

POST /api/v1/sdk/sessions/{session_id}/rtms/start
Status: 202 Accepted

{
  "status": true,
  "message": "Zoom RTMS start requested",
  "data": {
    "session": {
      "id": "session-id",
      "platform": "zoom",
      "meeting_id": "86429575325",
      "status": "rtms_start_requested"
    },
    "zoom": {
      "action": "start",
      "meeting_id": "86429575325",
      "zoom_status_code": 202,
      "zoom_response": null
    }
  }
}

Test Cases

• Test case 1: test_oauth_state_round_trip_validates_signature
• Test case 2: test_oauth_state_rejects_tampering
• Test case 3: test_zoom_oauth_client_uses_stored_access_token
• Test case 4: test_zoom_oauth_token_allows_null_refresh_token
• Test case 5: test_zoom_rtms_start_posts_expected_payload
• Test case 6: test_zoom_rtms_start_maps_transport_errors
• Test case 7: test_zoom_oauth_exchange_maps_transport_errors

Test output

make lint
# All checks passed!

uv run pytest tests\sdk -q
# 29 passed

Checklist

• My branch follows the naming convention (/)
• My commits follow Conventional Commits
• I have added meaningful tests that cover success and failure paths
• All new and existing tests pass locally (uv run pytest)
• I have included proof of work (JSON responses or screenshots)
• I have updated documentation if needed
• My code follows the project's style guidelines

Summary by CodeRabbit

• Documentation

  • Added Zoom RTMS Control documentation detailing how to initiate RTMS via Zoom's live meeting status endpoint, including required prerequisites and authorization scopes.

• Bug Fixes

  • Fixed HTTP request method for RTMS status updates to use PATCH requests instead of POST.

[coderabbitai]

Warning

Rate limit exceeded

@CyberwizD has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 53 minutes and 17 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 21fc45d4-d0a3-4cbe-abfe-b592042e3945

📥 Commits

Reviewing files that changed from the base of the PR and between ae3b08d and c8469f5.

📒 Files selected for processing (1)

• tests/sdk/test_zoom_rtms_control.py

📝 Walkthrough

Walkthrough

The PR updates the Zoom RTMS SDK control client to use HTTP PATCH instead of POST when updating RTMS status. The implementation change is a single-line method substitution in the client, test mocks are updated to verify PATCH behavior, and new API documentation explains the endpoint, required payload, and authorization scope.

Changes

Zoom RTMS Control HTTP Method Update

Layer / File(s)	Summary
HTTP method update and verification sdk/providers/zoom_rtms/control.py, tests/sdk/test_zoom_rtms_control.py, docs/sdk/zoom-rtms-sdk-prototype.md	ZoomRTMSControlClient.update_status() changes from httpx.post() to httpx.patch(). Test mocks (fake_patch, error simulation) are updated to verify PATCH requests. Documentation adds a "Zoom RTMS Control" section describing the PATCH /v2/live_meetings/{meetingId}/rtms_app/status endpoint, action: "start" payload, and required meeting:update:participant_rtms_app_status scope.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• hngprojects/meetmind-api#16: Implements the ZoomRTMSControlClient and its control flow, which this PR updates with the HTTP method change from POST to PATCH.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: updating the Zoom RTMS start endpoint to use PATCH instead of POST, which aligns with the primary fix across all three modified files.
Description check	✅ Passed	The description follows the template structure with all required sections completed: clear description, type of change selected, changes made detailed, proof of work provided with API responses, test cases listed and checked, and checklist items verified.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/zoom-sdk-integration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tests/sdk/test_zoom_rtms_control.py (1)

72-72: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Update test function name to reflect PATCH method.

The test function name test_zoom_rtms_start_posts_expected_payload still references "posts" but now tests PATCH behavior. Renaming to test_zoom_rtms_start_patches_expected_payload would improve clarity.

📝 Suggested rename

-def test_zoom_rtms_start_posts_expected_payload(monkeypatch, db_session):
+def test_zoom_rtms_start_patches_expected_payload(monkeypatch, db_session):

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/sdk/test_zoom_rtms_control.py` at line 72, Rename the test function
currently named test_zoom_rtms_start_posts_expected_payload to reflect that it
verifies PATCH behavior by renaming it to
test_zoom_rtms_start_patches_expected_payload; update the function definition
(def test_zoom_rtms_start_posts_expected_payload(...)) to def
test_zoom_rtms_start_patches_expected_payload(...) so the name matches the
tested HTTP method and intent.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@tests/sdk/test_zoom_rtms_control.py`:
- Line 72: Rename the test function currently named
test_zoom_rtms_start_posts_expected_payload to reflect that it verifies PATCH
behavior by renaming it to test_zoom_rtms_start_patches_expected_payload; update
the function definition (def test_zoom_rtms_start_posts_expected_payload(...))
to def test_zoom_rtms_start_patches_expected_payload(...) so the name matches
the tested HTTP method and intent.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 85893a64-fa14-4ec0-85a3-6d3ec2dc7265

📥 Commits

Reviewing files that changed from the base of the PR and between 7d7644a and ae3b08d.

📒 Files selected for processing (3)

• docs/sdk/zoom-rtms-sdk-prototype.md
• sdk/providers/zoom_rtms/control.py
• tests/sdk/test_zoom_rtms_control.py