Circleback
Receive meeting notes, action items, and transcripts from Circleback automations via webhook.
Circleback captures meetings and produces notes, action items, and transcripts. This trigger lets Circleback push each processed meeting into a MyBotBox workflow via webhook.
How it works
Circleback doesn't have named event types — instead you create an Automation in Circleback (Settings → Automations → New) with a trigger (e.g. "When meeting ends", "When tagged with X") and the action "Send webhook request". The Automation posts the meeting payload to whatever URL you provide. You supply the MyBotBox-hosted trigger URL from this block.
Setup wizard
- Drop the Circleback block onto your workflow canvas.
- Copy the generated webhook URL from the trigger configuration panel.
- In Circleback: Settings → Automations → New Automation.
- Pick a trigger condition ("When meeting ends" is the most common).
- Under Actions, choose Send webhook request.
- Paste the URL from step 2 into the webhook URL field.
- Circleback displays a signing secret. Copy it.
- Back in MyBotBox, paste the secret into Signing secret on the trigger block.
- Save.
Once you save a non-empty signing secret, you cannot clear it — you can only replace it with a new value. This prevents accidentally reverting to an unauthenticated endpoint on a production trigger.
Request contract
Circleback posts a single JSON shape per meeting. All fields are optional depending on your Automation's "fields to send" toggles. The platform verifies the x-signature header as HMAC-SHA256 over the raw body when a signing secret is configured.
POST /api/webhooks/trigger/{path}
Content-Type: application/json
x-signature: <hex>
{
"id": 12345,
"name": "Weekly Team Sync",
"url": "https://meet.google.com/abc-defg-hij",
"createdAt": "2026-04-22T15:30:00Z",
"duration": 1800,
"recordingUrl": "https://app.circleback.ai/recordings/...",
"tags": ["team", "weekly"],
"icalUid": "...",
"attendees": [{ "name": "Alex", "email": "alex@example.com" }],
"notes": "## Key points\n- ...",
"actionItems": [
{ "id": "...", "title": "Ship launch post", "description": "...", "assignee": "Alex", "status": "open" }
],
"transcript": [{ "speaker": "Alex", "text": "...", "timestamp": "..." }],
"insights": { "decisions": ["..."] }
}Block outputs
Access via dot notation: <circleback1.actionItems>, <circleback1.transcript[0].text>, etc.
| Output | Type | Description |
|---|---|---|
id | number | Meeting ID |
name | string | Meeting title |
url | string | Virtual meeting URL |
duration | number | Duration in seconds |
createdAt | string | Meeting creation timestamp |
recordingUrl | string | 24-hour valid recording URL |
tags | array | Circleback tags |
attendees | array | [{ name, email }] |
notes | string | Markdown notes |
actionItems | array | Each has id, title, description, assignee, status |
transcript | array | Each has speaker, text, timestamp |
insights | object | Custom insights you configured |
meeting | object | Full payload |
hasActionItems | boolean | Convenience: actionItems.length > 0 |
hasTranscript | boolean | Convenience: transcript.length > 0 |
hasNotes | boolean | Convenience: notes non-empty |
Event filter
Circleback doesn't type events, so the trigger offers a payload-shape filter instead:
| Filter | Fires when |
|---|---|
any (default) | Every Circleback payload |
has_action_items | actionItems array non-empty |
has_transcript | transcript array non-empty |
has_notes | notes string non-empty |
Non-matching payloads return 200 { status: "filtered" } without running the workflow.
Signature verification
The platform uses HMAC-SHA256 over the raw request body. You can re-verify in your own systems using the same pattern:
import { createHmac, timingSafeEqual } from 'node:crypto'
function verify(rawBody, secret, providedSig) {
const expected = createHmac('sha256', secret).update(rawBody).digest('hex')
const a = Buffer.from(providedSig.replace(/^sha256=/i, ''), 'hex')
const b = Buffer.from(expected, 'hex')
return a.length === b.length && timingSafeEqual(a, b)
}import hmac, hashlib
def verify(raw_body: bytes, secret: str, provided_sig: str) -> bool:
expected = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
provided = provided_sig.removeprefix("sha256=")
return hmac.compare_digest(expected, provided)
```text
</Tab>
</Tabs>
## Idempotency
Every Circleback payload carries an `id`. The platform dedupes on that key for 7 days — if Circleback retries the same meeting, the second call returns `200 { status: "duplicate" }` without running the workflow. Disable in the trigger's advanced panel if you need re-delivery.
## Verify with the bundled scripts
<Tabs items={['Bun', 'Python']}>
<Tab value="Bun">
```bash
bun apps/sat/tests/staging/triggers/circleback/verify.ts \
https://mybotbox.com/api/webhooks/trigger/<path> \
--secret=<circleback-signing-secret>python3 apps/sat/tests/staging/triggers/circleback/verify.py \
https://mybotbox.com/api/webhooks/trigger/<path> \
--secret=<circleback-signing-secret>The signature header is the lowercase x-signature carrying the hex HMAC-SHA256 digest. Source: apps/sat/tests/staging/triggers/circleback/.
Common patterns
- Action items → tasks: route
actionItemsinto a project-management block (Linear, Jira, Asana) whenhasActionItemsis true. - Transcript summarization: when
hasTranscriptis true, passtranscriptto an LLM block for concise summary + email to attendees. - Daily digest: buffer meetings with a Schedule trigger that collects the day's Circleback webhooks and emails a wrap-up.
When Circleback isn't the right tool
- Real-time transcription events — Circleback fires once per meeting, not during. Use the API Prompt trigger with a transcription service instead.
- Calendar-driven flows (meeting about to start) — use Google Calendar / Outlook triggers; Circleback fires only after a meeting ends.