diff --git a/docker-compose.yml b/docker-compose.yml
index a800ede5..85278ed5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,168 +1,170 @@
 version: '3'
 services:
   coturn:
     build:
       context: ./docker/coturn/
     container_name: kolab-coturn
     environment:
       - TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
       - TURN_LISTEN_PORT=3478
       - TURN_STATIC_SECRET==${COTURN_STATIC_SECRET}
     hostname: sturn.mgmt.com
     image: kolab-coturn
     network_mode: host
     restart: on-failure
     tty: true
   kolab:
     build:
       context: ./docker/kolab/
     container_name: kolab
     depends_on:
       - mariadb
     extra_hosts:
       - "kolab.mgmt.com:127.0.0.1"
     environment:
       - DB_HOST=${DB_HOST}
       - DB_ROOT_PASSWORD=Welcome2KolabSystems
     healthcheck:
       interval: 10s
       test: test -f /tmp/kolab-init.done
       timeout: 5s
       retries: 30
     hostname: kolab.mgmt.com
     image: kolab
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
       - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
       - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
       - ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert
       - ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key
       - ./docker/certs/kolab.mgmt.com.cert:/etc/pki/tls/certs/kolab.mgmt.com.cert
       - ./docker/certs/kolab.mgmt.com.key:/etc/pki/tls/certs/kolab.mgmt.com.key
       - ./docker/kolab/utils:/root/utils:ro
       - ./src/.env:/.dockerenv:ro
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   mariadb:
     container_name: kolab-mariadb
     environment:
       MYSQL_ROOT_PASSWORD: Welcome2KolabSystems
       TZ: "+02:00"
     healthcheck:
       interval: 10s
       test: test -e /var/run/mysqld/mysqld.sock
       timeout: 5s
       retries: 30
     image: mariadb
     network_mode: host
   nginx:
     build:
       context: ./docker/nginx/
       args:
         APP_WEBSITE_DOMAIN: ${APP_WEBSITE_DOMAIN:?err}
     container_name: kolab-nginx
     hostname: nginx.hosted.com
     image: kolab-nginx
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - ./docker/certs/imap.hosted.com.cert:/etc/pki/tls/certs/imap.hosted.com.cert
       - ./docker/certs/imap.hosted.com.key:/etc/pki/tls/private/imap.hosted.com.key
   pdns-sql:
     build:
       context: ./docker/pdns-sql/
     container_name: kolab-pdns-sql
     depends_on:
       - mariadb
     hostname: pdns-sql
     image: apheleia/kolab-pdns-sql
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   proxy:
     build:
       context: ./docker/proxy/
     container_name: kolab-proxy
     hostname: kanarip.internet-box.ch
     image: kolab-proxy
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - ./docker/certs/:/etc/certs/:ro
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   redis:
     build:
       context: ./docker/redis/
     container_name: kolab-redis
     hostname: redis
     image: redis
     network_mode: host
     volumes:
       - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
   swoole:
     build:
       context: ./docker/swoole/
     container_name: kolab-swoole
     image: apheleia/swoole:4.6.x
   worker:
     build:
       context: ./docker/worker/
     container_name: kolab-worker
     depends_on:
       - kolab
     hostname: worker
     image: kolab-worker
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - ./src:/home/worker/src.orig:ro
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   meet:
     build:
       context: ./docker/meet/
     environment:
       - REDIS_IP=${MEET_REDIS_IP}
       - REDIS_PORT=${MEET_REDIS_PORT}
       - REDIS_DBNAME=${MEET_REDIS_DATABASE}
       - REDIS_PASSWORD=${MEET_REDIS_PASSWORD}
       - PUBLIC_IP=${MEET_PUBLIC_IP}
       - PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN}
       - TURN_SERVER=${MEET_TURN_SERVER}
-      - TURN_STATIC_SECRET==${COTURN_STATIC_SECRET}
+      - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
+      - AUTH_TOKEN=${MEET_SERVER_TOKEN}
+      - WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN}
     network_mode: host
     container_name: kolab-meet
     image: kolab-meet
     volumes:
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
       - ./meet/server:/src/meet/:ro
       - ./docker/meet/build/node_modules:/root/node_modules
       - ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert
       - ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key
diff --git a/meet/README.md b/meet/README.md
index 5eefe89a..86deb83e 100644
--- a/meet/README.md
+++ b/meet/README.md
@@ -1,98 +1,98 @@
 This is the kolab meet server side component.
 
 Run it with nodejs (or use the meet container).
 
 It should become available on on port 12433 (curl -k -v http://localhost:12443/ping)
 
 # To get an interactive console
 /src/meetsrc/connect.js
 
 # To dump some stats
 /src/meetsrc/connect.js --stats
 
 # Test the websocket
 npm -g install wscat
 wscat --no-check -c "wss://172.20.0.2:12443/socket.io/?peerId=peer1&roomId=room1&EIO=3&transport=websocket"
 
 # Update code in container
 docker exec -ti kolab-meet /bin/bash -c "/bin/cp -rf /src/meet/* /src/meetsrc/"
 
 # Quick WebRTC overview
 
 In our setup there are the following components involved:
 * Client (Browser with some javascript)
 * Kolab 4 (Webserver runnnign the kolab 4 application)
 * Turn server (coturn)
 * Kolabmeet server (nodejs application)
 
 Kolabmeet itself has two 3 interaction points:
 * A webserver for the API
 * A websocket for signaling
 * Mediasoup for webrtc
 
 To join a meeting this is roughly what happens:
 * The Client asks the webserver to join a room
 * The webserver contacts kolabmeet to create the room and returns a url for a signaling websocket
 * The client connects to kolabmeet via the signaling websocket
 * The client now asks kolabmeet via the websocket to prepare the media channels
 * Mediasoup then ultimately establishes the webrtc connection, potentially routing the data via the configured turn server.
 
 This leads to the following topolgy:
 * Client <-> Kolab 4 API <-> Kolabmeet API
 * Client <-> Kolabmeet Websocket (Signaling
 * Client <-> (Turn Server) <-> Kolabmeet WebRTC <-> (Turn Server) <-> Client
 
 
 # Troubleshooting
 
 * Socket.io (signaling) has a debug option that can be set in the browser local storage.
 * Mediasoup has a debug flag that can be set in the config.
 * Coturn has config flags to enable logging of all connection attempts.
 * Firefox has about:webrtc and chrome has chrome://webrtc-internals
 * wscat can be used to test websockets.
 * On the kolabmeet server you can connect to the server by executing connect.js, which allows to inspect the internal state.
 * The browser won't allow a ws: connection from a https:// site, but only chrome will tell you about it.
 * If in question, restart your browser. Sometimes things suddenly start working again.
 
 
 ## Scalability
 
 The number of participants a server can handle, greatly depends on the number of streams that need to be handled.
 In principle there's at least 2 streams per participant (ignoring screensharing) for audio + video incoming (upstream), and then each of those streams is sent to all participants (excluding the sender). This leads to 2n * (n - 1) streams when everyone is sending and receiving vide + audio. A single cpu core is expected to be able to handle ~500 streams, which leads to ~16 participants.
 
 This number can of course be greatly affected by reducing the number of streams that need to be handled, e.g. listeners not sending video.
 
 ### Horizontal scaling
 
 Currently we can scale with the number of threads on a system by using multiple workers, but not across multiple servers.
 
-In the simplest for it would of course be possible to load balance and just distribute rooms on different nodes.
+In the simplest form it would of course be possible to load balance and just distribute rooms on different nodes.
 
 To distribute a single room across different nodes more work is required:
 * A transport needs to be established between the nodes.
 * For each participant on the remote node all streams need to be proxied as well as the signaling.
 
 The benefits of this should be:
 * A room can grow beyond the limits of a server (which would be very large rooms).
 * If we assume peers join a geo-local server:
 ** Instead of having to send N streams across to all peers, we can send 1 stream to the server which then distributes to N peers, reducing the required bandwidth on the path between servers.
 ** If a reencoder is implemented in each server, latency for request of keyframes is reduced.
 ** Local peers can use a more efficient direct path between each other and thus further relieve the server interconnection.
 
 ### High availability
 
-In the simplest for the server is simply restarted and all clients reconnect. This results in a brief interruption and some state is lost (chat history), but everyone should be back in the same room relatively quickly.
+In the simplest form the server is simply restarted and all clients reconnect. This results in a brief interruption and some state is lost (chat history), but everyone should be back in the same room relatively quickly.
 
 More advanced forms could potentially recover the internal state from e.g. redis, to recover quicker and relatively transparent to the user. I think the transports need to be reestablished, but webrtc should allow for this.
 
 ### Reencoder
 
 The reencoder is a process (running on the server) that consumes a track and simply reencodes it and forwards it to the server again. The server will then have to serve that reencoded track to the end user instead of the direct track.
 That way a keyframe request can be handled by the reencoder instead of the original client, which is especially useful with geolocated nodes (due to latency), but in general protects the client from constantly having to generate keyframes whenevery a client looses connection.
 
 A reencoder can be implemented using libmediasoupclient and thus probably is a c++ endavour (or potentially rust?).
 
 ### Ideas to explore
 
 * Automatically disable video for silent participants, and only enable for last N active speakers: https://docs.openvidu.io/en/2.19.0/openvidu-enterprise/#large-scale-sessions
 * Ensure we make use of simulcast (per peer adaptive stream quality, depending on available bandwidth and processing power)
diff --git a/meet/server/config/config.js b/meet/server/config/config.js
index e33ad7c5..7aa56c78 100644
--- a/meet/server/config/config.js
+++ b/meet/server/config/config.js
@@ -1,151 +1,157 @@
 const os = require('os');
 
 module.exports =
 {
+    // Authentication token for API (not websocket) requests
+    authToken: process.env.AUTH_TOKEN,
+    // Turn server configuration
     turn: process.env.TURN_SERVER === 'none' ? null : {
         urls: [
             process.env.TURN_SERVER || 'turn:127.0.0.1:3478?transport=tcp'
         ],
         staticSecret: process.env.TURN_STATIC_SECRET || 'uzYguvIl9tpZFMuQOE78DpOi6Jc7VFSD0UAnvgMsg5n4e74MgIf6vQvbc6LWzZjz',
     },
     /*
     // redis server options used for session storage
     redisOptions: {
         host: process.env.REDIS_IP || '127.0.0.1',
         port: process.env.REDIS_PORT || 6379,
         db: process.env.REDIS_DB || '3',
         ...(process.env.REDIS_PASSWORD ? { password: process.env.REDIS_PASSWORD } : {})
     },
     */
+    // Webhook URL
     webhookURL: process.env.WEBHOOK_URL,
+    // Webhook authentication token
+    webhookToken: process.env.WEBHOOK_TOKEN,
     // if you use encrypted private key the set the passphrase
     tls: {
         // passphrase: 'key_password'
         cert: process.env.SSL_CERT || `/etc/pki/tls/certs/kolab.hosted.com.cert`,
         key: process.env.SSL_KEY || `/etc/pki/tls/certs/kolab.hosted.com.key`,
     },
     // listening Host or IP 
     // If omitted listens on every IP. ("0.0.0.0" and "::")
     listeningHost: process.env.LISTENING_HOST || '0.0.0.0',
     // Listening port for https server.
     listeningPort: process.env.LISTENING_PORT || 12443,
     // Any http request is redirected to https.
     // Listening port for http server.
     listeningRedirectPort: 12080,
     // Listens only on http, only on listeningPort
     // listeningRedirectPort disabled
     // use case: loadbalancer backend
     httpOnly: true,
     publicDomain: process.env.PUBLIC_DOMAIN || '127.0.0.1:12443',
     pathPrefix: '/meetmedia',
     // WebServer/Express trust proxy config for httpOnly mode
     // You can find more info:
     //  - https://expressjs.com/en/guide/behind-proxies.html
     //  - https://www.npmjs.com/package/proxy-addr
     // use case: loadbalancer backend
     trustProxy: '',
     // When truthy, the room will be open to all users when as long as there
     // are allready users in the room
     activateOnHostJoin: true,
     // Room size before spreading to new router
     routerScaleSize: process.env.ROUTER_SCALE_SIZE || 40,
     // Socket timout value
     requestTimeout: 20000,
     // Socket retries when timeout
     requestRetries: 3,
     // Mediasoup settings
     mediasoup: {
         numWorkers: process.env.MEDIASOUP_NUM_WORKERS || Object.keys(os.cpus()).length,
         // mediasoup Worker settings.
         worker: {
             logLevel: 'warn',
             logTags: [
                 'info',
                 'ice',
                 'dtls',
                 'rtp',
                 'srtp',
                 'rtcp'
             ],
             rtcMinPort: 40000,
             rtcMaxPort: 49999
         },
         // mediasoup Router settings.
         router: {
             // Router media codecs.
             mediaCodecs: [
                 {
                     kind      : 'audio',
                     mimeType  : 'audio/opus',
                     clockRate : 48000,
                     channels  : 2
                 },
                 {
                     kind       : 'video',
                     mimeType   : 'video/VP8',
                     clockRate  : 90000,
                     parameters :
                     {
                         'x-google-start-bitrate' : 1000
                     }
                 },
                 {
                     kind       : 'video',
                     mimeType   : 'video/VP9',
                     clockRate  : 90000,
                     parameters :
                     {
                         'profile-id'             : 2,
                         'x-google-start-bitrate' : 1000
                     }
                 },
                 {
                     kind       : 'video',
                     mimeType   : 'video/h264',
                     clockRate  : 90000,
                     parameters :
                     {
                         'packetization-mode'      : 1,
                         'profile-level-id'        : '4d0032',
                         'level-asymmetry-allowed' : 1,
                         'x-google-start-bitrate'  : 1000
                     }
                 },
                 {
                     kind       : 'video',
                     mimeType   : 'video/h264',
                     clockRate  : 90000,
                     parameters :
                     {
                         'packetization-mode'      : 1,
                         'profile-level-id'        : '42e01f',
                         'level-asymmetry-allowed' : 1,
                         'x-google-start-bitrate'  : 1000
                     }
                 }
             ]
         },
         // mediasoup WebRtcTransport settings.
         webRtcTransport: {
             listenIps: [
                 { ip: process.env.PUBLIC_IP || '127.0.0.1', announcedIp: null }
             ],
             initialAvailableOutgoingBitrate: 1000000,
             minimumAvailableOutgoingBitrate: 600000,
             // Additional options that are not part of WebRtcTransportOptions.
             maxIncomingBitrate: 1500000
         }
     }
 
     /*
     ,
     // Prometheus exporter
     prometheus: {
         deidentify: false, // deidentify IP addresses
         // listen: 'localhost', // exporter listens on this address
         numeric: false, // show numeric IP addresses
         port: 8889, // allocated port
         quiet: false // include fewer labels
     }
     */
 };
diff --git a/meet/server/package.json b/meet/server/package.json
index 9b9dfc25..801bc3c2 100644
--- a/meet/server/package.json
+++ b/meet/server/package.json
@@ -1,38 +1,37 @@
 {
     "name": "kolabmeet-server",
-    "version": "3.3.4",
     "private": true,
     "license": "MIT",
     "scripts": {
         "start": "node server.js",
         "connect": "node connect.js",
         "lint": "eslint -c .eslintrc.json --ext .js *.js lib/",
         "lint-fix": "eslint --fix -c .eslintrc.json --ext .js *.js lib/",
         "test": "mocha --inline-diffs --async-stack-traces --full-trace --exit test/test.js",
         "performancetestbench": "mocha -b -t 0 test/performancetestbench.js"
     },
     "dependencies": {
         "awaitqueue": "^1.0.0",
         "axios": "^0.21.1",
         "body-parser": "^1.19.0",
         "colors": "^1.4.0",
         "compression": "^1.7.4",
         "debug": "^4.1.1",
         "express": "^4.17.1",
         "helmet": "^3.21.2",
         "mediasoup": "^3.8.4",
         "pidusage": "^2.0.17",
         "prom-client": ">=12.0.0",
         "socket.io": "^2.3.0",
         "spdy": "^4.0.1",
         "uuid": "^7.0.2"
     },
     "devDependencies": {
         "dgram": "^1.0.1",
         "child_process": "^1.0.2",
         "eslint": "^6.8.0",
         "mediasoup-client": "^3.6.37",
         "mocha": "^9.1.1",
         "supertest": "^6.1.6"
     }
 }
diff --git a/meet/server/server.js b/meet/server/server.js
index 59603498..acd7b028 100755
--- a/meet/server/server.js
+++ b/meet/server/server.js
@@ -1,390 +1,395 @@
 #!/usr/bin/env node
 
 process.title = 'kolabmeet-server';
 
 const config = require('./config/config');
 const fs = require('fs');
 const http = require('http');
 const spdy = require('spdy');
 const express = require('express');
 const bodyParser = require('body-parser');
 const compression = require('compression');
 const mediasoup = require('mediasoup');
 const AwaitQueue = require('awaitqueue');
 const Logger = require('./lib/Logger');
 const Room = require('./lib/Room');
 const Peer = require('./lib/Peer');
 const helmet = require('helmet');
 const axios = require('axios');
 const interactiveServer = require('./lib/interactiveServer');
 const promExporter = require('./lib/promExporter');
 const { v4: uuidv4 } = require('uuid');
 
 /* eslint-disable no-console */
 console.log('- process.env.DEBUG:', process.env.DEBUG);
 console.log('- config.mediasoup.worker.logLevel:', config.mediasoup.worker.logLevel);
 console.log('- config.mediasoup.worker.logTags:', config.mediasoup.worker.logTags);
 /* eslint-enable no-console */
 
 const logger = new Logger();
 
 const queue = new AwaitQueue();
 
 let statusLogger = null;
 
 if ('StatusLogger' in config)
     statusLogger = new config.StatusLogger();
 
 // mediasoup Workers.
 // @type {Array<mediasoup.Worker>}
 const mediasoupWorkers = [];
 
 // Map of Room instances indexed by roomId.
 const rooms = new Map();
 
 // Map of Peer instances indexed by peerId.
 const peers = new Map();
 
 // TLS server configuration.
 const tls = {
     cert: fs.readFileSync(config.tls.cert),
     key: fs.readFileSync(config.tls.key),
     secureOptions: 'tlsv12',
     ciphers: [
         'ECDHE-ECDSA-AES128-GCM-SHA256',
         'ECDHE-RSA-AES128-GCM-SHA256',
         'ECDHE-ECDSA-AES256-GCM-SHA384',
         'ECDHE-RSA-AES256-GCM-SHA384',
         'ECDHE-ECDSA-CHACHA20-POLY1305',
         'ECDHE-RSA-CHACHA20-POLY1305',
         'DHE-RSA-AES128-GCM-SHA256',
         'DHE-RSA-AES256-GCM-SHA384'
     ].join(':'),
     honorCipherOrder: true
 };
 
 // HTTP client instance for webhook "pushes"
 let webhook = null;
 if (config.webhookURL) {
     webhook = axios.create({
         baseURL: config.webhookURL,
+        headers: { 'X-Auth-Token': config.webhookToken },
         timeout: 5000
     });
 }
 
 const app = express();
 
 app.use(helmet.hsts());
 
+app.use((req, res, next) => {
+    if (req.get('X-Auth-Token') !== config.authToken) {
+        res.status(403).send();
+    } else {
+        next();
+    }
+});
+
 app.use(bodyParser.json({ limit: '5mb' }));
 app.use(bodyParser.urlencoded({ limit: '5mb', extended: true }));
 
 if (config.trustProxy) {
     app.set('trust proxy', config.trustProxy);
 }
 
 let mainListener;
 let io;
 
 async function run() {
     try {
         // Open the interactive server.
         await interactiveServer(rooms, peers);
 
         // start Prometheus exporter
         if (config.prometheus) {
             await promExporter(rooms, peers, config.prometheus);
         }
 
         // Run a mediasoup Worker.
         await runMediasoupWorkers();
 
         // Run HTTPS server.
         await runHttpsServer();
 
         // Run WebSocketServer.
         await runWebSocketServer();
 
         const errorHandler = (err, req, res /*, next */) => {
             const trackingId = uuidv4();
 
             res.status(500).send(
                 `<h1>Internal Server Error</h1>
                 <p>If you report this error, please also report this 
                 <i>tracking ID</i> which makes it possible to locate your session
                 in the logs which are available to the system administrator: 
                 <b>${trackingId}</b></p>`
             );
             logger.error(
                 'Express error handler dump with tracking ID: %s, error dump: %o',
                 trackingId, err);
         };
 
         app.use(errorHandler);
     } catch (error) {
         logger.error('run() [error:"%o"]', error);
     }
 
     app.emit('ready');
 }
 
 function statusLog() {
     if (statusLogger) {
         statusLogger.log({ rooms, peers });
     }
 }
 
 async function runHttpsServer() {
     app.use(compression());
 
     app.get(`${config.pathPrefix}/api/ping`, function (req, res /*, next*/) {
         res.send('PONG');
     })
 
     app.get(`${config.pathPrefix}/api/sessions`, function (req, res /*, next*/) {
         let list = [];
 
         rooms.forEach(room => {
             list.push({
                 roomId: room.id,
                 createdAt: room.createdAt
             });
         })
 
         res.json(list)
     })
 
     // Check if the room exists
     app.get(`${config.pathPrefix}/api/sessions/:session_id`, function (req, res /*, next*/) {
-        console.log("Checking for room");
-
         const room = rooms.get(req.params.session_id);
 
         if (!room) {
-            console.log("doesn't exist");
             res.status(404).send();
         } else {
-            console.log("exist");
             res.status(200).send();
         }
     })
 
     // Create room and return id
     app.post(`${config.pathPrefix}/api/sessions`, async function (req, res /*, next*/) {
         console.log("Creating new room");
 
         const room = await createRoom();
 
         res.json({
             id : room.id
         })
     })
 
     // Seend websocket notification signals to room participants
     app.post(`${config.pathPrefix}/api/signal`, async function (req, res /*, next*/) {
         const data = req.body;
         const roomId = data.roomId;
         const emit = (socket) => {
             socket.emit('notification', {
                 method: `signal:${data.type}`,
                 data: data.data
             })
         };
 
         if ('role' in data) {
             peers.forEach(peer => {
                 if (peer.socket && peer.roomId == roomId && peer.hasRole(data.role)) {
                     emit(peer.socket);
                 }
             })
         } else {
             emit(io.to(roomId));
         }
 
         res.json({});
     });
 
     // Create connection in room (just wait for websocket instead?
     // $post = [
     //     'json' => [
     //         'role' => self::OV_ROLE_PUBLISHER,
     //         'data' => json_encode(['role' => $role])
     //     ]
     // ];
     app.post(`${config.pathPrefix}/api/sessions/:session_id/connection`, function (req, res /*, next*/) {
         logger.info('Creating peer connection [roomId:"%s"]', req.params.session_id);
 
         const roomId = req.params.session_id;
         const room = rooms.get(roomId);
 
         if (!room) {
             res.status(404).send();
             return;
         }
 
         const peer = new Peer({ roomId });
 
         peers.set(peer.id, peer);
 
         peer.on('close', () => {
             peers.delete(peer.id);
             statusLog();
         });
 
         const data = req.body;
 
         if ('role' in data)
             peer.setRole(data.role);
 
         const proto = config.publicDomain.includes('localhost') || config.publicDomain.includes('127.0.0.1') ? 'ws' : 'wss';
 
         res.json({
             id: peer.id,
             // Note: socket.io client will end up using (hardcoded) /meetmedia/signaling path
             token: `${proto}://${config.publicDomain}?peerId=${peer.id}&roomId=${roomId}&authToken=${peer.authToken}`
         });
     })
 
     if (config.httpOnly === true) {
         // http
         mainListener = http.createServer(app);
     } else {
         // https
         mainListener = spdy.createServer(tls, app);
 
         // http
         const redirectListener = http.createServer(app);
 
         if (config.listeningHost)
             redirectListener.listen(config.listeningRedirectPort, config.listeningHost);
         else
             redirectListener.listen(config.listeningRedirectPort);
     }
 
     console.info(`Listening on ${config.listeningPort} ${config.listeningHost}`)
     // https or http
     if (config.listeningHost)
         mainListener.listen(config.listeningPort, config.listeningHost);
     else
         mainListener.listen(config.listeningPort);
 }
 
 /**
  * Create a WebSocketServer to allow WebSocket connections from browsers.
  */
 async function runWebSocketServer() {
     io = require('socket.io')(mainListener, {
         path: `${config.pathPrefix}/signaling`,
         cookie: false
     });
 
     // Handle connections from clients.
     io.on('connection', (socket) => {
         logger.info("websocket connection")
 
         const { roomId, peerId, authToken } = socket.handshake.query;
 
         if (!roomId || !peerId || !authToken) {
             logger.warn('connection request without roomId and/or peerId');
             socket.disconnect(true);
             return;
         }
 
         logger.info('connection request [roomId:"%s", peerId:"%s"]', roomId, peerId);
 
         queue.push(async () => {
             const room = rooms.get(roomId);
 
             if (!room) {
                 logger.warn("Room does not exist %s", roomId);
                 socket.disconnect(true);
                 return;
             }
 
             const peer = peers.get(peerId);
 
             if (!peer || peer.roomId != roomId || peer.authToken != authToken) {
                 logger.warn("Peer does not exist %s", peerId);
                 socket.disconnect(true);
                 return;
             }
 
             peer.socket = socket;
 
             room.handlePeer({ peer });
 
             statusLog();
         })
             .catch((error) => {
                 logger.error('room creation or room joining failed [error:"%o"]', error);
 
                 if (socket)
                     socket.disconnect(true);
             });
     });
 }
 
 /**
  * Launch as many mediasoup Workers as given in the configuration file.
  */
 async function runMediasoupWorkers() {
     const { numWorkers } = config.mediasoup;
 
     logger.info('running %d mediasoup Workers...', numWorkers);
 
     for (let i = 0; i < numWorkers; ++i) {
         const worker = await mediasoup.createWorker(
             {
                 logLevel   : config.mediasoup.worker.logLevel,
                 logTags    : config.mediasoup.worker.logTags,
                 rtcMinPort : config.mediasoup.worker.rtcMinPort,
                 rtcMaxPort : config.mediasoup.worker.rtcMaxPort
             });
 
         worker.on('died', () => {
             logger.error(
                 'mediasoup Worker died, exiting  in 2 seconds... [pid:%d]', worker.pid);
 
             setTimeout(() => process.exit(1), 2000);
         });
 
         mediasoupWorkers.push(worker);
     }
 }
 
 /**
  * Get a Room instance (or create one if it does not exist).
  */
 async function createRoom() {
     logger.info('creating a new Room');
 
     // Create the room
     const room = await Room.create({ mediasoupWorkers, peers: {}, webhook });
 
     room.on('close', () => {
         logger.info('closing a Room [roomId:"%s"]', room.id);
 
         rooms.delete(room.id);
         statusLog();
 
         if (webhook) {
             webhook.post('', { roomId: room.id, event: 'roomClosed' })
                 .then(function (/* response */) {
                     logger.info(`Room ${room.id} closed. Webhook succeeded.`);
                 })
                 .catch(function (error) {
                     logger.error(error);
                 });
         }
     });
 
     rooms.set(room.id, room);
 
     statusLog();
 
     return room;
 }
 
 run();
 
 module.exports = app; // export for testing
diff --git a/src/.env.example b/src/.env.example
index 2a898458..c1e2ab29 100644
--- a/src/.env.example
+++ b/src/.env.example
@@ -1,163 +1,164 @@
 APP_NAME=Kolab
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
 APP_URL=http://127.0.0.1:8000
 #APP_PASSPHRASE=
 APP_PUBLIC_URL=
 APP_DOMAIN=kolabnow.com
 APP_WEBSITE_DOMAIN=kolabnow.com
 APP_THEME=default
 APP_TENANT_ID=5
 APP_LOCALE=en
 APP_LOCALES=
 
 APP_WITH_ADMIN=1
 APP_WITH_RESELLER=1
 APP_WITH_SERVICES=1
 
 ASSET_URL=http://127.0.0.1:8000
 
 WEBMAIL_URL=/apps
 SUPPORT_URL=/support
 SUPPORT_EMAIL=
 
 LOG_CHANNEL=stack
 LOG_SLOW_REQUESTS=5
 
 DB_CONNECTION=mysql
 DB_DATABASE=kolabdev
 DB_HOST=127.0.0.1
 DB_PASSWORD=kolab
 DB_PORT=3306
 DB_USERNAME=kolabdev
 
 BROADCAST_DRIVER=redis
 CACHE_DRIVER=redis
 
 QUEUE_CONNECTION=redis
 
 SESSION_DRIVER=file
 SESSION_LIFETIME=120
 
 OPENEXCHANGERATES_API_KEY="from openexchangerates.org"
 
 MFA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube
 MFA_TOTP_DIGITS=6
 MFA_TOTP_INTERVAL=30
 MFA_TOTP_DIGEST=sha1
 
 IMAP_URI=ssl://127.0.0.1:11993
 IMAP_ADMIN_LOGIN=cyrus-admin
 IMAP_ADMIN_PASSWORD=Welcome2KolabSystems
 IMAP_VERIFY_HOST=false
 IMAP_VERIFY_PEER=false
 
 LDAP_BASE_DN="dc=mgmt,dc=com"
 LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com"
 LDAP_HOSTS=127.0.0.1
 LDAP_PORT=389
 LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com"
 LDAP_SERVICE_BIND_PW="Welcome2KolabSystems"
 LDAP_USE_SSL=false
 LDAP_USE_TLS=false
 
 # Administrative
 LDAP_ADMIN_BIND_DN="cn=Directory Manager"
 LDAP_ADMIN_BIND_PW="Welcome2KolabSystems"
 LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com"
 
 # Hosted (public registration)
 LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com"
 LDAP_HOSTED_BIND_PW="Welcome2KolabSystems"
 LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com"
 
 COTURN_PUBLIC_IP=127.0.0.1
 COTURN_STATIC_SECRET="Welcome2KolabSystems"
 
+MEET_WEBHOOK_TOKEN=Welcome2KolabSystems
+MEET_SERVER_TOKEN=Welcome2KolabSystems
+MEET_SERVER_URL=https://localhost:8443/api/
+MEET_SERVER_VERIFY_TLS=true
+
 MEET_REDIS_IP=127.0.0.1
 MEET_REDIS_PORT=6379
 MEET_REDIS_DATABASE=3
 MEET_REDIS_PASSWORD=0
 MEET_PUBLIC_IP=127.0.0.1
 MEET_PUBLIC_DOMAIN=127.0.0.1:12443
 MEET_TURN_SERVER='turn:127.0.0.1:3478?transport=tcp'
 
-# "CDR" events, see https://docs.openvidu.io/en/2.13.0/reference-docs/openvidu-server-cdr/
-#OPENVIDU_WEBHOOK_EVENTS=[sessionCreated,sessionDestroyed,participantJoined,participantLeft,webrtcConnectionCreated,webrtcConnectionDestroyed,recordingStatusChanged,filterEventDispatched,mediaNodeStatusChanged]
-#OPENVIDU_WEBHOOK_HEADERS=[\"Authorization:\ Basic\ SOMETHING\"]
-
 PGP_ENABLED=
 PGP_BINARY=
 PGP_AGENT=
 PGP_GPGCONF=
 PGP_LENGTH=
 
 REDIS_HOST=127.0.0.1
 REDIS_PASSWORD=null
 REDIS_PORT=6379
 
 SWOOLE_HOT_RELOAD_ENABLE=true
 SWOOLE_HTTP_ACCESS_LOG=true
 SWOOLE_HTTP_HOST=127.0.0.1
 SWOOLE_HTTP_PORT=8000
 SWOOLE_HTTP_REACTOR_NUM=1
 SWOOLE_HTTP_WEBSOCKET=true
 SWOOLE_HTTP_WORKER_NUM=1
 SWOOLE_OB_OUTPUT=true
 
 PAYMENT_PROVIDER=
 MOLLIE_KEY=
 STRIPE_KEY=
 STRIPE_PUBLIC_KEY=
 STRIPE_WEBHOOK_SECRET=
 
 MAIL_DRIVER=smtp
 MAIL_HOST=smtp.mailtrap.io
 MAIL_PORT=2525
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS="noreply@example.com"
 MAIL_FROM_NAME="Example.com"
 MAIL_REPLYTO_ADDRESS="replyto@example.com"
 MAIL_REPLYTO_NAME=null
 
 DNS_TTL=3600
 DNS_SPF="v=spf1 mx -all"
 DNS_STATIC="%s.    MX  10 ext-mx01.mykolab.com."
 DNS_COPY_FROM=null
 
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 AWS_DEFAULT_REGION=us-east-1
 AWS_BUCKET=
 
 PUSHER_APP_ID=
 PUSHER_APP_KEY=
 PUSHER_APP_SECRET=
 PUSHER_APP_CLUSTER=mt1
 
 MIX_ASSET_PATH='/'
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
 
 # Generate with ./artisan passport:client --password
 #PASSPORT_PROXY_OAUTH_CLIENT_ID=
 #PASSPORT_PROXY_OAUTH_CLIENT_SECRET=
 
 PASSPORT_PRIVATE_KEY=
 PASSPORT_PUBLIC_KEY=
 
 COMPANY_NAME=
 COMPANY_ADDRESS=
 COMPANY_DETAILS=
 COMPANY_EMAIL=
 COMPANY_LOGO=
 COMPANY_FOOTER=
 
 VAT_COUNTRIES=CH,LI
 VAT_RATE=7.7
 
 KB_ACCOUNT_DELETE=
 KB_ACCOUNT_SUSPENDED=
diff --git a/src/app/Http/Controllers/API/V4/OpenViduController.php b/src/app/Http/Controllers/API/V4/OpenViduController.php
index 5d8225d5..7df5b740 100644
--- a/src/app/Http/Controllers/API/V4/OpenViduController.php
+++ b/src/app/Http/Controllers/API/V4/OpenViduController.php
@@ -1,288 +1,293 @@
 <?php
 
 namespace App\Http\Controllers\API\V4;
 
 use App\Http\Controllers\Controller;
 use App\OpenVidu\Room;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Validator;
 
 class OpenViduController extends Controller
 {
     /**
      * Listing of rooms that belong to the authenticated user.
      *
      * @return \Illuminate\Http\JsonResponse
      */
     public function index()
     {
         $user = Auth::guard()->user();
 
         $rooms = Room::where('user_id', $user->id)->orderBy('name')->get();
 
         if (count($rooms) == 0) {
             // Create a room for the user (with a random and unique name)
             while (true) {
                 $name = strtolower(\App\Utils::randStr(3, 3, '-'));
                 if (!Room::where('name', $name)->count()) {
                     break;
                 }
             }
 
             $room = Room::create([
                     'name' => $name,
                     'user_id' => $user->id
             ]);
 
             $rooms = collect([$room]);
         }
 
         $result = [
             'list' => $rooms,
             'count' => count($rooms),
         ];
 
         return response()->json($result);
     }
 
     /**
      * Join the room session. Each room has one owner, and the room isn't open until the owner
      * joins (and effectively creates the session).
      *
      * @param string $id Room identifier (name)
      *
      * @return \Illuminate\Http\JsonResponse
      */
     public function joinRoom($id)
     {
         $room = Room::where('name', $id)->first();
 
         // Room does not exist, or the owner is deleted
         if (!$room || !$room->owner) {
             return $this->errorResponse(404, \trans('meet.room-not-found'));
         }
 
         // Check if there's still a valid meet entitlement for the room owner
         if (!$room->owner->hasSku('meet')) {
             return $this->errorResponse(404, \trans('meet.room-not-found'));
         }
 
         $user = Auth::guard()->user();
         $isOwner = $user && $user->id == $room->user_id;
         $init = !empty(request()->input('init'));
 
         // There's no existing session
         if (!$room->hasSession()) {
             // Participants can't join the room until the session is created by the owner
             if (!$isOwner) {
                 return $this->errorResponse(422, \trans('meet.session-not-found'), ['code' => 323]);
             }
 
             // The room owner can create the session on request
             if (!$init) {
                 return $this->errorResponse(422, \trans('meet.session-not-found'), ['code' => 324]);
             }
 
             $session = $room->createSession();
 
             if (empty($session)) {
                 return $this->errorResponse(500, \trans('meet.session-create-error'));
             }
         }
 
         $settings = $room->getSettings(['locked', 'nomedia', 'password']);
         $password = (string) $settings['password'];
 
         $config = [
             'locked' => $settings['locked'] === 'true',
             'nomedia' => $settings['nomedia'] === 'true',
             'password' => $isOwner ? $password : '',
             'requires_password' => !$isOwner && strlen($password),
         ];
 
         $response = ['config' => $config];
 
         // Validate room password
         if (!$isOwner && strlen($password)) {
             $request_password = request()->input('password');
             if ($request_password !== $password) {
                 return $this->errorResponse(422, \trans('meet.session-password-error'), $response + ['code' => 325]);
             }
         }
 
         // Handle locked room
         if (!$isOwner && $config['locked']) {
             $nickname = request()->input('nickname');
             $picture = request()->input('picture');
             $requestId = request()->input('requestId');
 
             $request = $requestId ? $room->requestGet($requestId) : null;
 
             $error = \trans('meet.session-room-locked-error');
 
             // Request already has been processed (not accepted yet, but it could be denied)
             if (empty($request['status']) || $request['status'] != Room::REQUEST_ACCEPTED) {
                 if (!$request) {
                     if (empty($nickname) || empty($requestId) || !preg_match('/^[a-z0-9]{8,32}$/i', $requestId)) {
                         return $this->errorResponse(422, $error, $response + ['code' => 326]);
                     }
 
                     if (empty($picture)) {
                         $svg = file_get_contents(resource_path('images/user.svg'));
                         $picture = 'data:image/svg+xml;base64,' . base64_encode($svg);
                     } elseif (!preg_match('|^data:image/png;base64,[a-zA-Z0-9=+/]+$|', $picture)) {
                         return $this->errorResponse(422, $error, $response + ['code' => 326]);
                     }
 
                     // TODO: Resize when big/make safe the user picture?
 
                     $request = ['nickname' => $nickname, 'requestId' => $requestId, 'picture' => $picture];
 
                     if (!$room->requestSave($requestId, $request)) {
                         // FIXME: should we use error code 500?
                         return $this->errorResponse(422, $error, $response + ['code' => 326]);
                     }
 
                     // Send the request (signal) to all moderators
                     $result = $room->signal('joinRequest', $request, Room::ROLE_MODERATOR);
                 }
 
                 return $this->errorResponse(422, $error, $response + ['code' => 327]);
             }
         }
 
         // Initialize connection tokens
         if ($init) {
             // Choose the connection role
             $canPublish = !empty(request()->input('canPublish')) && (empty($config['nomedia']) || $isOwner);
             $role = $canPublish ? Room::ROLE_PUBLISHER : Room::ROLE_SUBSCRIBER;
             if ($isOwner) {
                 $role |= Room::ROLE_MODERATOR;
                 $role |= Room::ROLE_OWNER;
             }
 
             // Create session token for the current user/connection
             $response = $room->getSessionToken($role);
 
             if (empty($response)) {
                 return $this->errorResponse(500, \trans('meet.session-join-error'));
             }
 
             $response_code = 200;
             $response['role'] = $role;
             $response['config'] = $config;
         } else {
             $response_code = 422;
             $response['code'] = 322;
         }
 
         return response()->json($response, $response_code);
     }
 
     /**
      * Set the domain configuration.
      *
      * @param string $id Room identifier (name)
      *
      * @return \Illuminate\Http\JsonResponse|void
      */
     public function setRoomConfig($id)
     {
         $room = Room::where('name', $id)->first();
 
         // Room does not exist, or the owner is deleted
         if (!$room || !$room->owner) {
             return $this->errorResponse(404);
         }
 
         $user = Auth::guard()->user();
 
         // Only room owner can configure the room
         if ($user->id != $room->user_id) {
             return $this->errorResponse(403);
         }
 
         $input = request()->input();
         $errors = [];
 
         foreach ($input as $key => $value) {
             switch ($key) {
                 case 'password':
                     if ($value === null || $value === '') {
                         $input[$key] = null;
                     } else {
                         // TODO: Do we have to validate the password in any way?
                     }
                     break;
 
                 case 'locked':
                     $input[$key] = $value ? 'true' : null;
                     break;
 
                 case 'nomedia':
                     $input[$key] = $value ? 'true' : null;
                     break;
 
                 default:
                     $errors[$key] = \trans('meet.room-unsupported-option-error');
             }
         }
 
         if (!empty($errors)) {
             return response()->json(['status' => 'error', 'errors' => $errors], 422);
         }
 
         if (!empty($input)) {
             $room->setSettings($input);
         }
 
         return response()->json([
                 'status' => 'success',
                 'message' => \trans('meet.room-setconfig-success'),
         ]);
     }
 
     /**
      * Webhook as triggered from OpenVidu server
      *
      * @param \Illuminate\Http\Request $request The API request.
      *
      * @return \Illuminate\Http\Response The response
      */
     public function webhook(Request $request)
     {
         \Log::debug($request->getContent());
 
+        // Authenticate the request
+        if ($request->headers->get('X-Auth-Token') != \config('meet.webhook_token')) {
+            return response('Unauthorized', 403);
+        }
+
         $sessionId = (string) $request->input('roomId');
         $event = (string) $request->input('event');
 
         switch ($event) {
             case 'roomClosed':
                 // When all participants left the room the server will dispatch roomClosed
                 // event. We'll remove the session reference from the database.
                 $room = Room::where('session_id', $sessionId)->first();
 
                 if ($room) {
                     $room->session_id = null;
                     $room->save();
                 }
 
                 break;
 
             case 'joinRequestAccepted':
             case 'joinRequestDenied':
                 $room = Room::where('session_id', $sessionId)->first();
 
                 if ($room) {
                     $method = $event == 'joinRequestAccepted' ? 'requestAccept' : 'requestDeny';
 
                     $room->{$method}($request->input('requestId'));
                 }
 
                 break;
         }
 
         return response('Success', 200);
     }
 }
diff --git a/src/app/OpenVidu/Room.php b/src/app/OpenVidu/Room.php
index eff25def..c251321c 100644
--- a/src/app/OpenVidu/Room.php
+++ b/src/app/OpenVidu/Room.php
@@ -1,275 +1,293 @@
 <?php
 
 namespace App\OpenVidu;
 
 use App\Traits\SettingsTrait;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Facades\Cache;
 
 /**
  * The eloquent definition of a Room.
  *
  * @property int     $id         Room identifier
  * @property string  $name       Room name
  * @property int     $user_id    Room owner
  * @property ?string $session_id OpenVidu session identifier
  */
 class Room extends Model
 {
     use SettingsTrait;
 
     public const ROLE_SUBSCRIBER = 1 << 0;
     public const ROLE_PUBLISHER = 1 << 1;
     public const ROLE_MODERATOR = 1 << 2;
     public const ROLE_SCREEN = 1 << 3;
     public const ROLE_OWNER = 1 << 4;
 
     public const REQUEST_ACCEPTED = 'accepted';
     public const REQUEST_DENIED = 'denied';
 
     private const OV_ROLE_MODERATOR = 'MODERATOR';
     private const OV_ROLE_PUBLISHER = 'PUBLISHER';
     private const OV_ROLE_SUBSCRIBER = 'SUBSCRIBER';
 
     protected $fillable = [
         'user_id',
         'name'
     ];
 
     protected $table = 'openvidu_rooms';
 
     /** @var \GuzzleHttp\Client|null HTTP client instance */
     private static $client = null;
 
 
     /**
      * Creates HTTP client for connections to OpenVidu server
      *
      * @return \GuzzleHttp\Client HTTP client instance
      */
     private function client()
     {
         if (!self::$client) {
             self::$client = new \GuzzleHttp\Client(
                 [
                     'http_errors' => false, // No exceptions from Guzzle
-                    'base_uri' => \config('openvidu.api_url'),
-                    'verify' => \config('openvidu.api_verify_tls'),
-                    'auth' => [
-                        \config('openvidu.api_username'),
-                        \config('openvidu.api_password')
+                    'base_uri' => \config('meet.api_url'),
+                    'verify' => \config('meet.api_verify_tls'),
+                    'headers' => [
+                        'X-Auth-Token' => \config('meet.api_token'),
                     ],
+                    'connect_timeout' => 10,
+                    'timeout' => 10,
                     'on_stats' => function (\GuzzleHttp\TransferStats $stats) {
                         $threshold = \config('logging.slow_log');
                         if ($threshold && ($sec = $stats->getTransferTime()) > $threshold) {
                             $url = $stats->getEffectiveUri();
                             $method = $stats->getRequest()->getMethod();
                             \Log::warning(sprintf("[STATS] %s %s: %.4f sec.", $method, $url, $sec));
                         }
                     },
                 ]
             );
         }
 
         return self::$client;
     }
 
     /**
      * Create a OpenVidu session
      *
      * @return array|null Session data on success, NULL otherwise
      */
     public function createSession(): ?array
     {
         $params = [
             'json' => [ /* request params here */ ]
         ];
 
         $response = $this->client()->request('POST', "sessions", $params);
 
         if ($response->getStatusCode() !== 200) {
+            $this->logError("Failed to create the meet session", $response);
             $this->session_id = null;
             $this->save();
             return null;
-
-            // TODO: Log an error/warning
         }
 
         $session = json_decode($response->getBody(), true);
 
         $this->session_id = $session['id'];
         $this->save();
 
         return $session;
     }
 
     /**
      * Create a OpenVidu session (connection) token
      *
      * @param int $role User role (see self::ROLE_* constants)
      *
      * @return array|null Token data on success, NULL otherwise
      * @throws \Exception if session does not exist
      */
     public function getSessionToken($role = self::ROLE_SUBSCRIBER): ?array
     {
         if (!$this->session_id) {
             throw new \Exception("The room session does not exist");
         }
 
         $url = 'sessions/' . $this->session_id . '/connection';
         $post = [
             'json' => [
                 'role' => $role,
             ]
         ];
 
         $response = $this->client()->request('POST', $url, $post);
 
         if ($response->getStatusCode() == 200) {
             $json = json_decode($response->getBody(), true);
 
             return [
                 'token' => $json['token'],
                 'role' => $role,
             ];
         }
 
-        // TODO: Log an error/warning on non-200 response
+        $this->logError("Failed to create the meet peer connection", $response);
 
         return null;
     }
 
     /**
      * Check if the room has an active session
      *
      * @return bool True when the session exists, False otherwise
      */
     public function hasSession(): bool
     {
         if (!$this->session_id) {
             return false;
         }
 
         $response = $this->client()->request('GET', "sessions/{$this->session_id}");
 
+        $this->logError("Failed to check that a meet session exists", $response);
+
         return $response->getStatusCode() == 200;
     }
 
     /**
      * The room owner.
      *
      * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
      */
     public function owner()
     {
         return $this->belongsTo('\App\User', 'user_id', 'id');
     }
 
     /**
      * Accept the join request.
      *
      * @param string $id Request identifier
      *
      * @return bool True on success, False on failure
      */
     public function requestAccept(string $id): bool
     {
         $request = Cache::get($this->session_id . '-' . $id);
 
         if ($request) {
             $request['status'] = self::REQUEST_ACCEPTED;
 
             return Cache::put($this->session_id . '-' . $id, $request, now()->addHours(1));
         }
 
         return false;
     }
 
     /**
      * Deny the join request.
      *
      * @param string $id Request identifier
      *
      * @return bool True on success, False on failure
      */
     public function requestDeny(string $id): bool
     {
         $request = Cache::get($this->session_id . '-' . $id);
 
         if ($request) {
             $request['status'] = self::REQUEST_DENIED;
 
             return Cache::put($this->session_id . '-' . $id, $request, now()->addHours(1));
         }
 
         return false;
     }
 
     /**
      * Get the join request data.
      *
      * @param string $id Request identifier
      *
      * @return array|null Request data (e.g. nickname, status, picture?)
      */
     public function requestGet(string $id): ?array
     {
         return Cache::get($this->session_id . '-' . $id);
     }
 
     /**
      * Save the join request.
      *
      * @param string $id      Request identifier
      * @param array  $request Request data
      *
      * @return bool True on success, False on failure
      */
     public function requestSave(string $id, array $request): bool
     {
         // We don't really need the picture in the cache
         // As we use this cache for the request status only
         unset($request['picture']);
 
         return Cache::put($this->session_id . '-' . $id, $request, now()->addHours(1));
     }
 
     /**
      * Any (additional) properties of this room.
      *
      * @return \Illuminate\Database\Eloquent\Relations\HasMany
      */
     public function settings()
     {
         return $this->hasMany('App\OpenVidu\RoomSetting', 'room_id');
     }
 
     /**
      * Send a OpenVidu signal to the session participants (connections)
      *
      * @param string $name   Signal name (type)
      * @param array  $data   Signal data array
      * @param int    $target Limit targets by their participant role
      *
      * @return bool True on success, False on failure
      * @throws \Exception if session does not exist
      */
     public function signal(string $name, array $data = [], $target = null): bool
     {
         if (!$this->session_id) {
             throw new \Exception("The room session does not exist");
         }
 
         $post = [
             'roomId' => $this->session_id,
             'type'   => $name,
             'role'   => $target,
             'data'   => $data,
         ];
 
         $response = $this->client()->request('POST', 'signal', ['json' => $post]);
 
+        $this->logError("Failed to send a signal to the meet session", $response);
+
         return $response->getStatusCode() == 200;
     }
+
+    /**
+     * Log an error for a failed request to the meet server
+     *
+     * @param string $str      The error string
+     * @param object $response Guzzle client response
+     */
+    private function logError(string $str, $response)
+    {
+        $code = $response->getStatusCode();
+        if ($code != 200) {
+            \Log::error("$str [$code]");
+        }
+    }
 }
diff --git a/src/routes/api.php b/src/routes/api.php
index c74dab62..e8304562 100644
--- a/src/routes/api.php
+++ b/src/routes/api.php
@@ -1,239 +1,232 @@
 <?php
 
 use Illuminate\Http\Request;
 
 /*
 |--------------------------------------------------------------------------
 | API Routes
 |--------------------------------------------------------------------------
 |
 | Here is where you can register API routes for your application. These
 | routes are loaded by the RouteServiceProvider within a group which
 | is assigned the "api" middleware group. Enjoy building your API!
 |
 */
 
 $prefix = \trim(\parse_url(\config('app.url'), PHP_URL_PATH), '/') . '/';
 
 Route::group(
     [
         'middleware' => 'api',
         'prefix' => $prefix . 'api/auth'
     ],
     function ($router) {
         Route::post('login', 'API\AuthController@login');
 
         Route::group(
             ['middleware' => 'auth:api'],
             function ($router) {
                 Route::get('info', 'API\AuthController@info');
                 Route::post('info', 'API\AuthController@info');
                 Route::post('logout', 'API\AuthController@logout');
                 Route::post('refresh', 'API\AuthController@refresh');
             }
         );
     }
 );
 
 Route::group(
     [
         'domain' => \config('app.website_domain'),
         'middleware' => 'api',
         'prefix' => $prefix . 'api/auth'
     ],
     function ($router) {
         Route::post('password-reset/init', 'API\PasswordResetController@init');
         Route::post('password-reset/verify', 'API\PasswordResetController@verify');
         Route::post('password-reset', 'API\PasswordResetController@reset');
 
         Route::post('signup/init', 'API\SignupController@init');
         Route::get('signup/invitations/{id}', 'API\SignupController@invitation');
         Route::get('signup/plans', 'API\SignupController@plans');
         Route::post('signup/verify', 'API\SignupController@verify');
         Route::post('signup', 'API\SignupController@signup');
     }
 );
 
 Route::group(
     [
         'domain' => \config('app.website_domain'),
         'middleware' => 'auth:api',
         'prefix' => $prefix . 'api/v4'
     ],
     function () {
         Route::post('companion/register', 'API\V4\CompanionAppsController@register');
 
         Route::post('auth-attempts/{id}/confirm', 'API\V4\AuthAttemptsController@confirm');
         Route::post('auth-attempts/{id}/deny', 'API\V4\AuthAttemptsController@deny');
         Route::get('auth-attempts/{id}/details', 'API\V4\AuthAttemptsController@details');
         Route::get('auth-attempts', 'API\V4\AuthAttemptsController@index');
 
         Route::apiResource('domains', API\V4\DomainsController::class);
         Route::get('domains/{id}/confirm', 'API\V4\DomainsController@confirm');
         Route::get('domains/{id}/status', 'API\V4\DomainsController@status');
         Route::post('domains/{id}/config', 'API\V4\DomainsController@setConfig');
 
         Route::apiResource('groups', API\V4\GroupsController::class);
         Route::get('groups/{id}/status', 'API\V4\GroupsController@status');
 
         Route::apiResource('packages', API\V4\PackagesController::class);
         Route::apiResource('skus', API\V4\SkusController::class);
 
         Route::apiResource('users', API\V4\UsersController::class);
         Route::post('users/{id}/config', 'API\V4\UsersController@setConfig');
         Route::get('users/{id}/skus', 'API\V4\SkusController@userSkus');
         Route::get('users/{id}/status', 'API\V4\UsersController@status');
 
         Route::apiResource('wallets', API\V4\WalletsController::class);
         Route::get('wallets/{id}/transactions', 'API\V4\WalletsController@transactions');
         Route::get('wallets/{id}/receipts', 'API\V4\WalletsController@receipts');
         Route::get('wallets/{id}/receipts/{receipt}', 'API\V4\WalletsController@receiptDownload');
 
         Route::post('payments', 'API\V4\PaymentsController@store');
         //Route::delete('payments', 'API\V4\PaymentsController@cancel');
         Route::get('payments/mandate', 'API\V4\PaymentsController@mandate');
         Route::post('payments/mandate', 'API\V4\PaymentsController@mandateCreate');
         Route::put('payments/mandate', 'API\V4\PaymentsController@mandateUpdate');
         Route::delete('payments/mandate', 'API\V4\PaymentsController@mandateDelete');
         Route::get('payments/methods', 'API\V4\PaymentsController@paymentMethods');
         Route::get('payments/pending', 'API\V4\PaymentsController@payments');
         Route::get('payments/has-pending', 'API\V4\PaymentsController@hasPayments');
 
         Route::get('openvidu/rooms', 'API\V4\OpenViduController@index');
-        Route::post('openvidu/rooms/{id}/close', 'API\V4\OpenViduController@closeRoom');
         Route::post('openvidu/rooms/{id}/config', 'API\V4\OpenViduController@setRoomConfig');
-
-        // FIXME: I'm not sure about this one, should we use DELETE request maybe?
-        Route::post('openvidu/rooms/{id}/connections/{conn}/dismiss', 'API\V4\OpenViduController@dismissConnection');
-        Route::put('openvidu/rooms/{id}/connections/{conn}', 'API\V4\OpenViduController@updateConnection');
-        Route::post('openvidu/rooms/{id}/request/{reqid}/accept', 'API\V4\OpenViduController@acceptJoinRequest');
-        Route::post('openvidu/rooms/{id}/request/{reqid}/deny', 'API\V4\OpenViduController@denyJoinRequest');
     }
 );
 
 // Note: In Laravel 7.x we could just use withoutMiddleware() instead of a separate group
 Route::group(
     [
         'domain' => \config('app.website_domain'),
         'prefix' => $prefix . 'api/v4'
     ],
     function () {
         Route::post('openvidu/rooms/{id}', 'API\V4\OpenViduController@joinRoom');
     }
 );
 
 Route::group(
     [
         'domain' => \config('app.website_domain'),
         'middleware' => 'api',
         'prefix' => $prefix . 'api/v4'
     ],
     function ($router) {
         Route::post('support/request', 'API\V4\SupportController@request');
     }
 );
 
 Route::group(
     [
         'domain' => \config('app.website_domain'),
         'prefix' => $prefix . 'api/webhooks'
     ],
     function () {
         Route::post('payment/{provider}', 'API\V4\PaymentsController@webhook');
         Route::post('meet', 'API\V4\OpenViduController@webhook');
         Route::get('nginx', 'API\NGINXController@authenticate');
     }
 );
 
 if (\config('app.with_services')) {
     Route::group(
         [
             'domain' => 'services.' . \config('app.website_domain'),
             'prefix' => $prefix . 'api/webhooks'
         ],
         function () {
             Route::get('nginx', 'API\V4\NGINXController@authenticate');
             Route::post('policy/greylist', 'API\V4\PolicyController@greylist');
             Route::post('policy/ratelimit', 'API\V4\PolicyController@ratelimit');
             Route::post('policy/spf', 'API\V4\PolicyController@senderPolicyFramework');
         }
     );
 }
 
 if (\config('app.with_admin')) {
     Route::group(
         [
             'domain' => 'admin.' . \config('app.website_domain'),
             'middleware' => ['auth:api', 'admin'],
             'prefix' => $prefix . 'api/v4',
         ],
         function () {
             Route::apiResource('domains', API\V4\Admin\DomainsController::class);
             Route::post('domains/{id}/suspend', 'API\V4\Admin\DomainsController@suspend');
             Route::post('domains/{id}/unsuspend', 'API\V4\Admin\DomainsController@unsuspend');
 
             Route::apiResource('groups', API\V4\Admin\GroupsController::class);
             Route::post('groups/{id}/suspend', 'API\V4\Admin\GroupsController@suspend');
             Route::post('groups/{id}/unsuspend', 'API\V4\Admin\GroupsController@unsuspend');
 
             Route::apiResource('skus', API\V4\Admin\SkusController::class);
             Route::apiResource('users', API\V4\Admin\UsersController::class);
             Route::get('users/{id}/discounts', 'API\V4\Reseller\DiscountsController@userDiscounts');
             Route::post('users/{id}/reset2FA', 'API\V4\Admin\UsersController@reset2FA');
             Route::get('users/{id}/skus', 'API\V4\Admin\SkusController@userSkus');
             Route::post('users/{id}/suspend', 'API\V4\Admin\UsersController@suspend');
             Route::post('users/{id}/unsuspend', 'API\V4\Admin\UsersController@unsuspend');
             Route::apiResource('wallets', API\V4\Admin\WalletsController::class);
             Route::post('wallets/{id}/one-off', 'API\V4\Admin\WalletsController@oneOff');
             Route::get('wallets/{id}/transactions', 'API\V4\Admin\WalletsController@transactions');
 
             Route::get('stats/chart/{chart}', 'API\V4\Admin\StatsController@chart');
         }
     );
 }
 
 if (\config('app.with_reseller')) {
     Route::group(
         [
             'domain' => 'reseller.' . \config('app.website_domain'),
             'middleware' => ['auth:api', 'reseller'],
             'prefix' => $prefix . 'api/v4',
         ],
         function () {
             Route::apiResource('domains', API\V4\Reseller\DomainsController::class);
             Route::post('domains/{id}/suspend', 'API\V4\Reseller\DomainsController@suspend');
             Route::post('domains/{id}/unsuspend', 'API\V4\Reseller\DomainsController@unsuspend');
 
             Route::apiResource('groups', API\V4\Reseller\GroupsController::class);
             Route::post('groups/{id}/suspend', 'API\V4\Reseller\GroupsController@suspend');
             Route::post('groups/{id}/unsuspend', 'API\V4\Reseller\GroupsController@unsuspend');
 
             Route::apiResource('invitations', API\V4\Reseller\InvitationsController::class);
             Route::post('invitations/{id}/resend', 'API\V4\Reseller\InvitationsController@resend');
 
             Route::post('payments', 'API\V4\Reseller\PaymentsController@store');
             Route::get('payments/mandate', 'API\V4\Reseller\PaymentsController@mandate');
             Route::post('payments/mandate', 'API\V4\Reseller\PaymentsController@mandateCreate');
             Route::put('payments/mandate', 'API\V4\Reseller\PaymentsController@mandateUpdate');
             Route::delete('payments/mandate', 'API\V4\Reseller\PaymentsController@mandateDelete');
             Route::get('payments/methods', 'API\V4\Reseller\PaymentsController@paymentMethods');
             Route::get('payments/pending', 'API\V4\Reseller\PaymentsController@payments');
             Route::get('payments/has-pending', 'API\V4\Reseller\PaymentsController@hasPayments');
 
             Route::apiResource('skus', API\V4\Reseller\SkusController::class);
             Route::apiResource('users', API\V4\Reseller\UsersController::class);
             Route::get('users/{id}/discounts', 'API\V4\Reseller\DiscountsController@userDiscounts');
             Route::post('users/{id}/reset2FA', 'API\V4\Reseller\UsersController@reset2FA');
             Route::get('users/{id}/skus', 'API\V4\Reseller\SkusController@userSkus');
             Route::post('users/{id}/suspend', 'API\V4\Reseller\UsersController@suspend');
             Route::post('users/{id}/unsuspend', 'API\V4\Reseller\UsersController@unsuspend');
             Route::apiResource('wallets', API\V4\Reseller\WalletsController::class);
             Route::post('wallets/{id}/one-off', 'API\V4\Reseller\WalletsController@oneOff');
             Route::get('wallets/{id}/receipts', 'API\V4\Reseller\WalletsController@receipts');
             Route::get('wallets/{id}/receipts/{receipt}', 'API\V4\Reseller\WalletsController@receiptDownload');
             Route::get('wallets/{id}/transactions', 'API\V4\Reseller\WalletsController@transactions');
 
             Route::get('stats/chart/{chart}', 'API\V4\Reseller\StatsController@chart');
         }
     );
 }
diff --git a/src/tests/Feature/Controller/OpenViduTest.php b/src/tests/Feature/Controller/OpenViduTest.php
index 1059f5e8..abcba3fd 100644
--- a/src/tests/Feature/Controller/OpenViduTest.php
+++ b/src/tests/Feature/Controller/OpenViduTest.php
@@ -1,446 +1,450 @@
 <?php
 
 namespace Tests\Feature\Controller;
 
 use App\Http\Controllers\API\V4\OpenViduController;
 use App\OpenVidu\Room;
 use Tests\TestCase;
 
 class OpenViduTest extends TestCase
 {
     /**
      * {@inheritDoc}
      */
     public function setUp(): void
     {
         parent::setUp();
 
         $this->clearMeetEntitlements();
         $room = Room::where('name', 'john')->first();
         $room->setSettings(['password' => null, 'locked' => null, 'nomedia' => null]);
     }
 
     public function tearDown(): void
     {
         $this->clearMeetEntitlements();
         $room = Room::where('name', 'john')->first();
         $room->setSettings(['password' => null, 'locked' => null, 'nomedia' => null]);
 
         parent::tearDown();
     }
 
     /**
      * Test listing user rooms
      *
      * @group openvidu
      */
     public function testIndex(): void
     {
         $john = $this->getTestUser('john@kolab.org');
         $jack = $this->getTestUser('jack@kolab.org');
         Room::where('user_id', $jack->id)->delete();
 
         // Unauth access not allowed
         $response = $this->get("api/v4/openvidu/rooms");
         $response->assertStatus(401);
 
         // John has one room
         $response = $this->actingAs($john)->get("api/v4/openvidu/rooms");
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertSame(1, $json['count']);
         $this->assertCount(1, $json['list']);
         $this->assertSame('john', $json['list'][0]['name']);
 
         // Jack has no room, but it will be auto-created
         $response = $this->actingAs($jack)->get("api/v4/openvidu/rooms");
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertSame(1, $json['count']);
         $this->assertCount(1, $json['list']);
         $this->assertMatchesRegularExpression('/^[0-9a-z-]{11}$/', $json['list'][0]['name']);
     }
 
     /**
      * Test joining the room
      *
      * @group openvidu
      */
     public function testJoinRoom(): void
     {
         $john = $this->getTestUser('john@kolab.org');
         $jack = $this->getTestUser('jack@kolab.org');
         $room = Room::where('name', 'john')->first();
         $room->session_id = null;
         $room->save();
 
         $this->assignMeetEntitlement($john);
 
         // Unauth access, no session yet
         $response = $this->post("api/v4/openvidu/rooms/{$room->name}");
         $response->assertStatus(422);
 
         $json = $response->json();
         $this->assertSame(323, $json['code']);
 
         // Non-existing room name
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/non-existing");
         $response->assertStatus(404);
 
         // TODO: Test accessing an existing room of deleted owner
 
         // Non-owner, no session yet
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}");
         $response->assertStatus(422);
 
         $json = $response->json();
         $this->assertSame(323, $json['code']);
 
         // Room owner, no session yet
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}");
         $response->assertStatus(422);
 
         $json = $response->json();
         $this->assertSame(324, $json['code']);
 
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}", ['init' => 1]);
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $session_id = $room->fresh()->session_id;
 
         $this->assertSame(Room::ROLE_SUBSCRIBER | Room::ROLE_MODERATOR | Room::ROLE_OWNER, $json['role']);
         $this->assertMatchesRegularExpression('|^wss?://|', $json['token']);
         $this->assertMatchesRegularExpression('|&roomId=' . $session_id . '|', $json['token']);
 
         $john_token = $json['token'];
 
         // Non-owner, now the session exists, no 'init' argument
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}");
         $response->assertStatus(422);
 
         $json = $response->json();
 
         $this->assertSame(322, $json['code']);
         $this->assertTrue(empty($json['token']));
 
         // Non-owner, now the session exists, with 'init', but no 'canPublish' argument
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", ['init' => 1]);
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertSame(Room::ROLE_SUBSCRIBER, $json['role']);
         $this->assertMatchesRegularExpression('|^wss?://|', $json['token']);
         $this->assertMatchesRegularExpression('|&roomId=' . $session_id . '|', $json['token']);
         $this->assertTrue($json['token'] != $john_token);
 
         // Non-owner, now the session exists, with 'init', and with 'role=PUBLISHER'
         $post = ['canPublish' => true, 'init' => 1];
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertSame(Room::ROLE_PUBLISHER, $json['role']);
         $this->assertMatchesRegularExpression('|^wss?://|', $json['token']);
         $this->assertMatchesRegularExpression('|&roomId=' . $session_id . '|', $json['token']);
         $this->assertTrue($json['token'] != $john_token);
         $this->assertEmpty($json['config']['password']);
         $this->assertEmpty($json['config']['requires_password']);
 
         // Non-owner, password protected room, password not provided
         $room->setSettings(['password' => 'pass']);
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}");
         $response->assertStatus(422);
 
         $json = $response->json();
 
         $this->assertCount(4, $json);
         $this->assertSame(325, $json['code']);
         $this->assertSame('error', $json['status']);
         $this->assertSame('Failed to join the session. Invalid password.', $json['message']);
         $this->assertEmpty($json['config']['password']);
         $this->assertTrue($json['config']['requires_password']);
 
         // Non-owner, password protected room, invalid provided
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", ['password' => 'aa']);
         $response->assertStatus(422);
 
         $json = $response->json();
         $this->assertSame(325, $json['code']);
 
         // Non-owner, password protected room, valid password provided
         // TODO: Test without init=1
         $post = ['password' => 'pass', 'init' => 'init'];
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
 
         // Make sure the room owner can access the password protected room w/o password
         // TODO: Test without init=1
         $post = ['init' => 'init'];
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
 
         // Test 'nomedia' room option
         $room->setSettings(['nomedia' => 'true', 'password' => null]);
 
         $post = ['init' => 'init', 'canPublish' => true];
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
 
         $json = $response->json();
         $this->assertSame(Room::ROLE_PUBLISHER & $json['role'], Room::ROLE_PUBLISHER);
 
         $post = ['init' => 'init', 'canPublish' => true];
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
 
         $json = $response->json();
         $this->assertSame(Room::ROLE_PUBLISHER & $json['role'], 0);
     }
 
     /**
      * Test locked room and join requests
      *
      * @group openvidu
      */
     public function testJoinRequests(): void
     {
         $john = $this->getTestUser('john@kolab.org');
         $jack = $this->getTestUser('jack@kolab.org');
         $room = Room::where('name', 'john')->first();
         $room->session_id = null;
         $room->save();
         $room->setSettings(['password' => null, 'locked' => 'true']);
 
         $this->assignMeetEntitlement($john);
 
         // Create the session (also makes sure the owner can access a locked room)
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}", ['init' => 1]);
         $response->assertStatus(200);
 
         // Non-owner, locked room, invalid/missing input
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}");
         $response->assertStatus(422);
 
         $json = $response->json();
 
         $this->assertCount(4, $json);
         $this->assertSame(326, $json['code']);
         $this->assertSame('error', $json['status']);
         $this->assertSame('Failed to join the session. Room locked.', $json['message']);
         $this->assertTrue($json['config']['locked']);
 
         // Non-owner, locked room, invalid requestId
         $post = ['nickname' => 'name', 'requestId' => '-----', 'init' => 1];
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(422);
 
         $json = $response->json();
         $this->assertSame(326, $json['code']);
 
         // Non-owner, locked room, invalid requestId
         $post = ['nickname' => 'name', 'init' => 1];
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(422);
 
         $json = $response->json();
         $this->assertSame(326, $json['code']);
 
         // Non-owner, locked room, valid input
         $reqId = '12345678';
         $post = ['nickname' => 'name', 'requestId' => $reqId, 'picture' => 'data:image/png;base64,01234'];
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(422);
 
         $json = $response->json();
 
         $this->assertCount(4, $json);
         $this->assertSame(327, $json['code']);
         $this->assertSame('error', $json['status']);
         $this->assertSame('Failed to join the session. Room locked.', $json['message']);
         $this->assertTrue($json['config']['locked']);
 
         $room->refresh();
 
         $request = $room->requestGet($reqId);
 
         $this->assertSame($post['nickname'], $request['nickname']);
         $this->assertSame($post['requestId'], $request['requestId']);
 
         $room->requestAccept($reqId);
 
         // Non-owner, locked room, join request accepted
         $post['init'] = 1;
         $post['canPublish'] = true;
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
         $json = $response->json();
 
         $this->assertSame(Room::ROLE_PUBLISHER, $json['role']);
         $this->assertMatchesRegularExpression('|^wss?://|', $json['token']);
 
         // TODO: Test a scenario where both password and lock are enabled
         // TODO: Test accepting/denying as a non-owner moderator
         // TODO: Test somehow websocket communication
         $this->markTestIncomplete();
     }
 
     /**
      * Test joining the room
      *
      * @group openvidu
      * @depends testJoinRoom
      */
     public function testJoinRoomGuest(): void
     {
         $this->assignMeetEntitlement('john@kolab.org');
 
         // There's no easy way to logout the user in the same test after
         // using actingAs(). That's why this is moved to a separate test
         $room = Room::where('name', 'john')->first();
 
         // Guest, request with screenShare token
         $post = ['canPublish' => true, 'screenShare' => 1, 'init' => 1];
         $response = $this->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertSame(Room::ROLE_PUBLISHER, $json['role']);
         $this->assertMatchesRegularExpression('|^wss?://|', $json['token']);
     }
 
     /**
      * Test configuring the room (session)
      *
      * @group openvidu
      */
     public function testSetRoomConfig(): void
     {
         $john = $this->getTestUser('john@kolab.org');
         $jack = $this->getTestUser('jack@kolab.org');
         $room = Room::where('name', 'john')->first();
 
         // Unauth access not allowed
         $response = $this->post("api/v4/openvidu/rooms/{$room->name}/config", []);
         $response->assertStatus(401);
 
         // Non-existing room name
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/non-existing/config", []);
         $response->assertStatus(404);
 
         // TODO: Test a room with a deleted owner
 
         // Non-owner
         $response = $this->actingAs($jack)->post("api/v4/openvidu/rooms/{$room->name}/config", []);
         $response->assertStatus(403);
 
         // Room owner
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}/config", []);
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertCount(2, $json);
         $this->assertSame('success', $json['status']);
         $this->assertSame("Room configuration updated successfully.", $json['message']);
 
         // Set password and room lock
         $post = ['password' => 'aaa', 'locked' => 1];
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}/config", $post);
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertCount(2, $json);
         $this->assertSame('success', $json['status']);
         $this->assertSame("Room configuration updated successfully.", $json['message']);
         $room->refresh();
         $this->assertSame('aaa', $room->getSetting('password'));
         $this->assertSame('true', $room->getSetting('locked'));
 
         // Unset password and room lock
         $post = ['password' => '', 'locked' => 0];
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}/config", $post);
         $response->assertStatus(200);
 
         $json = $response->json();
 
         $this->assertCount(2, $json);
         $this->assertSame('success', $json['status']);
         $this->assertSame("Room configuration updated successfully.", $json['message']);
         $room->refresh();
         $this->assertSame(null, $room->getSetting('password'));
         $this->assertSame(null, $room->getSetting('locked'));
 
         // Test invalid option error
         $post = ['password' => 'eee', 'unknown' => 0];
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}/config", $post);
         $response->assertStatus(422);
 
         $json = $response->json();
 
         $this->assertCount(2, $json);
         $this->assertSame('error', $json['status']);
         $this->assertSame("Invalid room configuration option.", $json['errors']['unknown']);
 
         $room->refresh();
         $this->assertSame(null, $room->getSetting('password'));
     }
 
     /**
      * Test the webhook
      *
      * @group openvidu
      */
     public function testWebhook(): void
     {
         $this->assignMeetEntitlement('john@kolab.org');
 
         $john = $this->getTestUser('john@kolab.org');
         $room = Room::where('name', 'john')->first();
+        $headers = ['X-Auth-Token' => \config('meet.webhook_token')];
 
         // First, create the session
         $post = ['init' => 1];
         $response = $this->actingAs($john)->post("api/v4/openvidu/rooms/{$room->name}", $post);
         $response->assertStatus(200);
 
         $sessionId = $room->fresh()->session_id;
 
         // Test accepting a join request
         $room->requestSave('1234', ['nickname' => 'test']);
 
         $post = ['roomId' => $sessionId, 'requestId' => '1234', 'event' => 'joinRequestAccepted'];
         $response = $this->post("api/webhooks/meet", $post);
+        $response->assertStatus(403); // 403 because no auth token
+
+        $response = $this->withHeaders($headers)->post("api/webhooks/meet", $post);
         $response->assertStatus(200);
 
         $request = $room->requestGet('1234');
 
         $this->assertSame(Room::REQUEST_ACCEPTED, $request['status']);
 
         // Test denying a join request
         $room->requestSave('1234', ['nickname' => 'test']);
 
         $post = ['roomId' => $sessionId, 'requestId' => '1234', 'event' => 'joinRequestDenied'];
-        $response = $this->post("api/webhooks/meet", $post);
+        $response = $this->withHeaders($headers)->post("api/webhooks/meet", $post);
         $response->assertStatus(200);
 
         $request = $room->requestGet('1234');
 
         $this->assertSame(Room::REQUEST_DENIED, $request['status']);
 
         // Test closing the session
         $post = ['roomId' => $sessionId, 'event' => 'roomClosed'];
-        $response = $this->post("api/webhooks/meet", $post);
+        $response = $this->withHeaders($headers)->post("api/webhooks/meet", $post);
         $response->assertStatus(200);
 
         $this->assertNull($room->fresh()->session_id);
     }
 }