On average, it costs $2,035,044 and 30,834 developer hours to build a Nylas equivalent that connects your application to 100% of email, calendar, and contacts providers. That’s over 1.5 years for a talented team of 7 senior engineers to scope the project, test it, build a POC, pursue the security certifications, push the POC live, and maintain the integration(s).
With Nylas, it takes just 18 days to build full email, calendar, and contacts integrations with 100% of providers. In addition, Nylas comes with pre-built security features that provide a more secure, reliable connection than you’d get integrating with the service providers directly – out of the box, we’re SOC 2 certified, GDPR compliant, Privacy Shield certified and HIPAA and FINRA ready.
Authentication is a critical step required to integrate Gmail data into your app. It’s also the very first experience users see when asked to authenticate sensitive data – so you want to make sure it’s handled smoothly and securely.
Here are the simplified steps required to build a complete authentication flow:
1. Create and configure a Google Project to allow access to the Gmail API
4 hours for one senior engineer
2. Implement Google auth flow & create screens for callback workflow
80 hours for one senior engineer
3. Implement secure storage for Google refresh tokens
120 hours for one senior engineer
Model security risks
Gain or develop knowledge about cryptography, symmetric encryption algorithms and which ones to use
Build logic to handle edge cases and secret re-encryption
Build the system so it’s prepared to handle a security leak
4. Implement logic to refresh access tokens when needed & notify users
24 hours for one senior engineer
5. Implement logic to properly handle revoked refresh tokens
24 hours for one senior engineer
6. Implement logic to handle reliability issues and outages from Google
80 hours for one senior engineer
Roughly once a year, Google makes a bad code push that breaks their auth APIs
These issues often translate to 500 or 403 errors coming from Google
You have to handle them to make sure you’re not stopping syncing accounts when they should still sync.
7. Properly handling the case where a user only grants a subset of the requested permissions, which is now an option that Google supports
40 hours for one senior engineer
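A sketch of the decision that steps 5 and 6 above call for, as an added example that is not Nylas code: only a well-formed OAuth `invalid_grant` error marks an account as needing re-authentication, while 500s, 403s and unparseable bodies are treated as a provider outage and retried with capped, jittered backoff. The class and function names, the backoff constants and the sample responses are assumptions constructed for illustration.

```python
import json
import random
from dataclasses import dataclass
from enum import Enum

BASE_BACKOFF = 5.0    # seconds; assumed starting delay
MAX_BACKOFF = 900.0   # seconds; assumed ceiling so retries never stop entirely


class Outcome(Enum):
    OK = "ok"
    TRANSIENT = "transient"   # provider-side problem: keep the account, retry later
    REVOKED = "revoked"       # the grant is dead: stop syncing, ask the user to re-auth


def classify(status: int, body: str) -> Outcome:
    """Map a token-endpoint response to an outcome."""
    if status == 200:
        return Outcome.OK
    try:
        error = json.loads(body).get("error")
    except (ValueError, AttributeError):
        error = None  # HTML error page, empty body, or JSON that is not an object
    # RFC 6749 section 5.2: invalid_grant means the refresh token is invalid,
    # expired or revoked. Anything else is not proof of revocation.
    if status in (400, 401) and error == "invalid_grant":
        return Outcome.REVOKED
    return Outcome.TRANSIENT


@dataclass
class AccountAuthState:
    needs_reauth: bool = False
    transient_failures: int = 0
    next_retry_in: float = 0.0

    def record(self, status: int, body: str, rng=random.random) -> Outcome:
        outcome = classify(status, body)
        if outcome is Outcome.OK:
            self.transient_failures = 0
            self.next_retry_in = 0.0
        elif outcome is Outcome.REVOKED:
            self.needs_reauth = True
        else:
            self.transient_failures += 1
            ceiling = min(MAX_BACKOFF,
                          BASE_BACKOFF * 2 ** (self.transient_failures - 1))
            # Jitter spreads retries so a recovering provider is not hit at once.
            self.next_retry_in = ceiling * (0.5 + 0.5 * rng())
        return outcome


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    state = AccountAuthState()
    for status, body in [
        (500, "<html>Server Error</html>"),
        (403, '{"error": "access_denied"}'),
        (200, '{"access_token": "constructed", "expires_in": 3599}'),
        (400, '{"error": "invalid_grant"}'),
    ]:
        print(status, state.record(status, body).value, state)
```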
Email Sync
1,900 hours for one senior engineer
Cost = $125,400.00
1. Build email sync functionality, starting with polling the Gmail API for the data that you need
760 hours for one senior engineer
2. Add support for Google push notifications (this is a big project)
560 hours for one senior engineer
Handle scaling (you can easily DDoS yourself if you don’t know what you’re doing)
Handle performance and integration with the sync components
3. Attachment storage and handling, including encryption
200 hours for one senior engineer
4. Properly handle rate-limiting / 429 errors
120 hours for one senior engineer
The Google APIs have multiple rate limits and don’t tell you what rate-limits you hit. You’ll have to investigate rate limiting by bandwidth, per-user, for this project, by account, or something else.
5. UTF-8 conversion
30 hours for one senior engineer
The basics are easy, but extracting the character set from the right place in MIME and converting it is time consuming
6. HTML normalization
30 hours for one senior engineer
Convert plaintext to HTML. Adding HTML tags in the right places to make it format / display properly
7. Truncate unbounded headers correctly
20 hours for one senior engineer
Make sure your database is truncating long headers in a way that doesn’t lose valuable information
8. Attachment re-encoding (text to bytes)
20 hours for one senior engineer
A normal case is easy, but when a MIME type isn’t specified properly it’s much more complicated
9. Edge case handling: extremely large messages, weird attachment formats, messages that have broken MIME-types or are otherwise spec-noncompliant (this is a big, ongoing project)
Comes out of the box with Gmail’s API so somewhat straightforward
6. Handling incoming push notifications from Google at scale, including maintaining subscriptions to the proper ones and unsubscribing when no longer relevant
70 hours for one senior engineer
7. Properly handle rate-limit & quota errors
40 hours for one senior engineer
8. Properly handle authentication errors
10 hours for one senior engineer
Contacts Sync
660 hours for one senior engineer
Cost = $43,560.00
1. Research Google Data API vs. People API
4 hours for one senior engineer
Google SDKs are not necessarily the best option and hide many of the complexities of auth, in a bad way
If you need the Google Data API (to access “Other contacts”), you’ll need to use an older XML-based Google Data client library, many of which are unmaintained / not updated
2. Build syncing for this data. You’ll need to use a poll-based sync architecture as that is a limitation of Google’s contacts APIs.
180 hours for one senior engineer
3. Create a data model
24 hours for one senior engineer
4. Build code to diff & update complex, interrelated objects like email addresses, IM addresses, web pages, and phone numbers
80 hours for one senior engineer
5. Your sync loop needs to handle getting access tokens from refresh tokens & replacing them when they expire
24 hours for one senior engineer
6. Sanitizing & truncating data received off the wire before storing it
40 hours for one senior engineer
7. Handle pagination, batch-fetching
44 hours for one senior engineer
8. Adding support for Contact Pictures
80 hours for one senior engineer
Pictures are PII under GDPR; you’ll need to store them in a secure, deletable way
Photo-fetching is heavily rate-limited and you need to architect your sync such that photo-download rate-limits do not cause the entire sync loop to stop.
9. Adding support for Groups
120 hours for one senior engineer
Contacts need to be correctly associated with the proper group
10. Properly handle rate-limit & quota errors
40 hours for one senior engineer
11. Properly handle authentication errors
24 hours for one senior engineer
Google Specific Operations & Maintenance
Google Operations/Maintenance/Testing/Compliance Total = 152 hours
Headcount Cost = $10,032
1. Monitoring your Google Project’s quota & requesting quota increases when needed
40 hours for one senior engineer
2. Handling Google security requirements, like the app verification process & security audit
112 hours for one senior engineer
Microsoft EWS (On-Prem Exchange)
Authentication
732 hours for one senior engineer
Cost = $48,312
1. Auth
16 hours for one senior engineer
Read and untangle the Microsoft docs about authentication flows
2. Create and configure a Microsoft Azure AD to allow access to EWS for Office365
4 hours for one senior engineer
3. Implement Microsoft auth flow & create screens for callback workflow
40 hours for one senior engineer
4. Implement secure storage for Microsoft refresh tokens
240 hours for one senior engineer
Need to model security risks
Need to know about cryptography, symmetric encryption algorithms and which ones to use
Need to think of how to handle edge cases, re-encrypting secrets and how to handle a security leak
Implement logging and compliance features around secrets (this takes around 120 hours)
5. Implement logic to refresh access tokens when needed
24 hours for one senior engineer
6. Implement logic to properly handle revoked refresh tokens
24 hours for one senior engineer
7. Implement logic to handle reliability issues and outages from Microsoft; not an upfront cost – something you pay over the years in bad UX and low customer confidence
40 hours for one senior engineer
Microsoft has authentication outages a couple times a year
These issues often translate to 500 or 403 errors coming from Microsoft
You have to handle them to make sure you’re not stopping syncing accounts when they should still sync.
8. Build password-based auth fallback
24 hours for one senior engineer
9. Implement autodiscovery for on-prem Exchange servers
320 engineering days for a senior engineer
The autodiscovery protocol from Microsoft lets you detect which Exchange server endpoint to connect to for a given email address
It’s extremely complicated and involves trying a number of endpoints in order to find out which is the right one
Every enterprise Exchange deployment is slightly different and there’s a lot of manual debugging to get customers onboarded
Not an upfront cost – something you pay over the years in bad UX and low customer confidence
Email Sync
3,256 hours for one senior engineer
Cost = $214,896
1. Build email sync functionality, starting with polling the EWS endpoint for the data that you need
1,680 hours for one senior engineer
Creating data model
2. Add support for EWS push subscriptions
560 hours for one senior engineer
Handle scaling (need to be able to open thousands of concurrent connections across your infrastructure)
Handle performance and integration with the sync components
3. Attachment storage and handling, including encryption
112 hours for one senior engineer
4. Properly handle rate-limiting / 429 errors
320 hours for one senior engineer
EWS has multiple rate limits and doesn’t tell you which rate limits you hit. Very often, Exchange admins tweak these limits, causing a frustrating process of trial and error.
5. UTF-8 conversion
56 hours for one senior engineer (across several years)
Basics are easy, but extracting the character set from the right place in MIME and converting it is tough.
6. HTML normalization
56 hours for one senior engineer
Converting plaintext to HTML. Adding HTML tags in the right places to make it format / display properly.
7. Truncating unbounded headers correctly
56 hours for one senior engineer
Make sure your database isn’t truncating long headers
8. Generating normalized snippets
56 hours for one senior engineer
Take HTML, convert to plaintext, then pull out the snippet
9. Attachment reencoding (text to bytes)
40 hours for one senior engineer
Normal case is easy, but when MIME type isn’t specified properly it’s much more complicated (though this is an edge case).
10. Edge case handling: extremely large messages, weird attachment formats, messages that have broken MIME-types or are otherwise spec-noncompliant (this is an ongoing, big project)
Comes out of the box with EWS so somewhat straightforward
6. Handling incoming push notifications from Microsoft at scale, including maintaining subscriptions to the proper ones and unsubscribing when no longer relevant
120 hours for one senior engineer
7. Properly handle rate-limit & quota errors
80 hours for one senior engineer
Contacts Sync – EWS
1,512 hours for one senior engineer
Cost = $99,792
1. Contacts sync
480 hours for one senior engineer
Build syncing for this data. You’ll need to use a poll-based sync architecture as that is a limitation of Microsoft contacts APIs.
2. Handle scaling as you need to be running many concurrent syncs
560 hours for one senior engineer
3. Create a data model
24 hours for one senior engineer
4. Build code to diff & update complex, interrelated objects like email addresses, IM addresses, web pages, and phone numbers
80 hours for one senior engineer
5. Your sync loop needs to handle getting access tokens from refresh tokens & replacing them when they expire
24 hours for one senior engineer
6. Sanitizing & truncating data received off the wire before storing it
40 hours for one senior engineer
7. Handle pagination, batch-fetching
40 hours for one senior engineer
8. Adding support for Contact Pictures
80 hours for one senior engineer
Pictures are PII under GDPR — need to store them in a secure, deletable way
Photo-fetching is heavily rate-limited and you need to architect your sync such that photo-download rate-limits do not cause the entire sync loop to stop.
9. Adding support for Groups
120 hours for one senior engineer
Contacts need to be correctly associated with the proper group
10. Properly handle rate-limit & quota errors
40 hours for one senior engineer
11. Properly handle authentication errors
24 hours for one senior engineer
Microsoft Specific Maintenance
80 hours
Cost = $5,280
Updates when Microsoft releases a new version of the protocol
80 hours
Microsoft Graph (Office 365 + Outlook)
Authentication
372 hours for one senior engineer
Cost = $24,552
1. Create and configure a Microsoft Project to allow access to the Graph API
4 hours for one senior engineer
2. Implement Microsoft auth flow & create screens for callback workflow
80 hours for one senior engineer
3. Implement secure storage for Microsoft refresh tokens
120 hours for one senior engineer
Need to model security risks
Need to know about cryptography, symmetric encryption algorithms and which ones to use
Need to think of how to handle edge cases, re-encrypting secrets and how to handle a security leak
4. Implement logic to refresh access tokens when needed & notify users
24 hours for one senior engineer
5. Implement logic to properly handle revoked refresh tokens
24 hours for one senior engineer
6. Implement logic to handle reliability issues and outages from Microsoft
80 hours for one senior engineer (not an upfront cost – something you pay over the years in bad UX and low customer confidence)
Roughly once a year, Microsoft makes a bad code push that breaks their auth APIs
These issues often translate to 500 or 403 errors coming from Microsoft
You have to handle them to make sure you’re not stopping syncing accounts when they should still sync.
7. Properly handling the case where a user only grants a subset of the requested permissions, which is now an option that Microsoft supports
40 hours for one senior engineer
Email Sync
1,928 hours for one senior engineer
Cost = $127,248
1. Build email sync functionality, starting with polling the Graph API for the data that you need (big one)
720 hours for one senior engineer
Creating data model
2. Add support for Graph push notifications
240 hours for one senior engineer
Handle scaling (you can easily DDoS yourself if you don’t know what you’re doing)
Handle performance and integration with the sync components
3. Attachment storage and handling, including encryption
112 hours for one senior engineer
4. Properly handle rate-limiting / 429 errors
40 hours for one senior engineer
Graph APIs have multiple rate limits and don’t tell you which rate limit you hit: bandwidth, per-user, per-project, per-account, etc.
5. MIME parsing
120 hours for one senior engineer
Highly variable based on what language you use (some standard MIME parsers are not performant at scale)
Ongoing costs — also spending 1 week a year debugging weird parsing issues
6. Flattening complex MIME structures
112 hours for one senior engineer
Converting into a format you can display in your UI (which parts of the MIME structure are displayable). Different parts of certain messages, like headers and footers, can be displayed in different ways.
7. UTF-8 conversion
56 hours for one senior engineer
Basics are easy, but extracting the character set from the right place in MIME and converting it is tough.
8. HTML normalization
56 hours for one senior engineer
Converting plaintext to HTML. Adding HTML tags in the right places to make it format / display properly.
9. Truncating unbounded headers correctly
56 hours for one senior engineer
Make sure your database isn’t truncating long headers
10. Generating normalized snippets
56 hours for one senior engineer
Take HTML, convert to plaintext, then pull out the snippet
11. Attachment re-encoding (text to bytes)
40 hours for one senior engineer
Normal or average cases are easy, but when the MIME type isn’t specified properly it’s much more complicated (though this is an edge case, it needs to be dealt with).
12. Edge case handling: extremely large messages, weird attachment formats, messages that have broken MIME-types or are otherwise spec-noncompliant (this is an ongoing, big project)
320 hours for one senior engineer
Maintenance (which you pay down over time)
Calendar Sync
664 hours for one senior engineer
Cost = $43,824
1. Creating Data Model
40 hours for one senior engineer
2. Data syncing for calendars and events
160 hours for one senior engineer
3. Recurring Events & RRULE parsing
160 hours for one senior engineer
4. Timezone Normalization
40 hours for one senior engineer
5. Invites & RSVPs to events
40 hours for one senior engineer
Comes out of the box with Microsoft Graph API so somewhat straightforward
6. Handling incoming push notifications from Microsoft at scale, including maintaining subscriptions to the proper ones and unsubscribing when no longer relevant
120 hours for one senior engineer
7. Properly handle rate-limit & quota errors
80 hours for one senior engineer
8. Properly handle authentication errors
24 hours for one senior engineer
Contacts Sync
Microsoft Contacts Sync Total = 512 hours for one senior engineer
Cost = $33,792
1. Build syncing for this data.
40 hours for one senior engineer
2. Create a data model
24 hours for one senior engineer
3. Build code to diff & update complex, interrelated objects like email addresses, IM addresses, web pages, and phone numbers
80 hours for one senior engineer
4. Your sync loop needs to handle getting access tokens from refresh tokens & replacing them when they expire
24 hours for one senior engineer
5. Sanitizing & truncating data received off the wire before storing it
40 hours for one senior engineer
6. Handle pagination, batch-fetching
40 hours for one senior engineer
7. Adding support for Contact Pictures
80 hours for one senior engineer
Pictures are PII under GDPR — need to store them in a secure, deletable way
Photo-fetching is heavily rate-limited and you need to architect your sync such that photo-download rate-limits do not cause the entire sync loop to stop.
8. Adding support for Groups
120 hours for one senior engineer
Contacts need to be correctly associated with the proper group
9. Properly handle rate-limit & quota errors
40 hours for one senior engineer
10. Properly handle authentication errors
24 hours for one senior engineer
Graph Specific Operations & Maintenance
112 hours for one senior engineer
Cost = $7,392
1. Graph API changes
112 hours for one senior engineer
Okay, it’s nice and RESTy! But there are a TON of features which are still “beta” and could change at any time. You’re not supposed to build production apps on them.
Generic Providers
IMAP
(Includes support for iCloud, Yahoo, ISP email services, etc.)
3,280 hours for one senior engineer
Cost = $217,800
IMAP is a TCP-based protocol that most developers find confusing and difficult to wrap their heads around
1. Auth: For auth, you will need to deal with password-based authentication, including storing user passwords in your infrastructure
56 hours for one senior engineer
You’ll need to build a means of secure credential storage
Almost no IMAP servers support OAuth
Error messages are not standard. You’ll need to test many different servers to figure out what means what
Access controls and logging on credentials access
2. Basic sync functionality for IMAP
1,500 hours for one senior engineer
Stateful IMAP session-handling
Handling UIDVALIDITY condition & account / folder resyncs without taking down your infrastructure
Sequence numbers? UIDs? Something else?
Highestmodseq and “optimized” sync
Implementing the code to track messages across folder moves without them appearing as a “delete” and then “create” function
Syncing an unbounded number of folders without creating too much concurrency that will bog down your system. You will need to create some sort of prioritization system. That prioritization system will need to be localized and understand different kinds of folders.
Additionally, some IMAP servers have a global limit on the number of connections you make. You need to stay under that limit, otherwise your customers can get locked out of their email access!
Handling throttling by the IMAP server
Syncing changes to the folder hierarchy itself.
3. Implement a threading model.
112 hours for one senior engineer
Basic IMAP does not support threading, which is an expected, table-stakes feature for modern email
You will have to research and create a thoroughly tested algorithm that meets user expectations
4. Implement support for IDLE extension to decrease sync latency
56 hours for one senior engineer
Handle scalability — it’s tough to keep a connection open permanently to the server, for every account you’re syncing
5. Debugging bizarre edge-cases & errors in the IMAP wire format
360 hours for one senior engineer
6. There are thousands of different ESPs and you’ll want to create a database of common configurations to avoid losing users who aren’t good at entering the correct, complex settings
56 hours for one senior engineer
7. Different servers have different available extensions & capabilities
920 hours for one senior engineer
Need to implement capability sniffing to detect which server can do what
8. Thousands of special snowflake servers
56 hours for one senior engineer
Are you ready to spend time digging into how mail.ru deals with Cyrillic characters for folder names?
9. Resyncs (i.e. handling the providers invalidating all the ids of the messages you’ve stored) and handling them at scale — i.e. without bringing down your whole system
88 hours for one senior engineer
10. MIME parsing
20 hours for one senior engineer
Highly variable based on what language you use (some standard MIME parsers are not performant at scale)
11. Flattening complex MIME structures
56 hours for one senior engineer
Converting into a format you can display in your UI (which parts of the MIME structure are displayable)
There are different parts of certain messages, like headers and footers, that can be displayed in different ways
SMTP
SMTP Total = 240 hours for one senior engineer
Cost = $15,840
1. Write a wrapper around the base SMTP library
40 hours for one senior engineer
2. Add support for OAuth
40 hours for one senior engineer
3. Handle SSL / TLS configurations properly
24 hours for one senior engineer
4. Error Handling
40 hours for one senior engineer
5. Error Parsing into human-readable text
16 hours for one senior engineer
6. Creating correct Message Payload rules
80 hours for one senior engineer
CardDAV
360 hours for one senior engineer
Cost = $23,760
1. Auth flow
90 hours for one senior engineer
2. XML Protocol Handling
90 hours for one senior engineer
3. Basic sync, parsing, and storage functionality for CardDAV
130 hours for one senior engineer
4. Syncback functionality for contact changes
50 hours for one senior engineer
Provider-Agnostic Operations & Maintenance
Operations / maintenance (will be a larger cost over the lifetime of the code than the initial build-out).
5,600 hours for one senior engineer
Cost = $360,600
Storage layer
1,440 hours for one senior engineer
Cost = $95,040
Have to build a storage layer that scales gracefully with the amount of data you store
1,440 hours for a senior engineer
Also needs to handle security for secrets
GDPR and data deletion in a timely manner (even 30 days is hard when you have hundreds of gigabytes of data like some mailboxes have)
Internal access control and security
Logging for compliance
Figuring out and resolving outages as the data grows
Sync Infrastructure
2,000 hours for one senior engineer
Cost = $132,000
Have to build out an infrastructure that can handle syncing data in a performant way — it’s extremely hard to sync data in a timely manner (< 10 seconds from a user getting an email to your app being aware of it)
Sync Load Balancing across a fleet of machines
Associated automation
Health monitoring for accounts
Figuring out and resolving outages as the data grows
Capacity planning and making sure you’re optimizing costs (by buying RIs if you’re running on a cloud provider, or by provisioning enough physical servers if you’re colocated)
Building a multi-datacenter operation — including in the EU
Sync speed
2,160 hours for one senior engineer
Cost = $142,560
Have to be able to sync email data fast! First run experience is critical and most users want their email data in their inbox quickly
720 hours for one senior engineer
Creating a fast flow for new authenticated accounts to start syncing
Instrumenting the code
Optimizing codepaths for first download
Weeks for IMAP alone
Weeks for Exchange
Weeks for Gmail
Admin UI and logging to be able to troubleshoot customer issues
1,440 hours for one senior engineer
Security
Total = 2,720 hours for one senior engineer
Cost = $179,520
1. SOC2 compliance and access controls
960 hours for one senior engineer
2. GDPR compliance
1,680 hours for one senior engineer
Timely data deletion at scale
3. Data export capability
80 hours for one senior engineer
Miscellaneous Maintenance Tasks
Total = 1,680 hours for one senior engineer
Cost = $110,880
Edge case handling: extremely large messages, weird attachment formats, messages that have broken MIME-types or are otherwise spec-noncompliant (this is an ongoing, big project)
480 hours for one senior engineer
New protocols released by providers & other breaking API changes
240 hours for one senior engineer
Performance instrumentation & optimization. Observability tooling here can be a BIG cost.
480 hours for one senior engineer
Updating code for new library versions, programming language updates
240 hours for one senior engineer
Constant improvements to monitoring and security
240 hours for one senior engineer
A security breach is very often a life-ending event for a company
Dedicated security team constantly looking to improve security
(At least) 1 for infrastructure security
(At least) 1 for application security
(At least) 1 for data security
(At least) 1 for data compliance
Keeping up on the security issues
Not only in application frameworks and language (Flask, Python) but also infrastructure (Meltdown, Spectre)
There needs to be a testing / QA phase before rollout of course as well.
Some smaller use-cases may have slimmer initial implementations than this. For example, if your app is a readonly use case (excluding sending), you won’t have to build the ability to send changes back to a provider. If you don’t have requirements around latency, you won’t need to implement push notifications. But you’ll have to pay that cost later if your constraints change.
Email Tracking
Total hours: 1,062
Total cost: $70,092.00 (assuming $528 dev day rate)
Building open-tracking
106 hours for one senior engineer
Need to build a whole API service that your messages can reference
Research all of the different ways to implement tracking pixels
Implement a data model for storing & associating the metadata
Atomically updating the data
Building link-tracking
720 hours for one senior engineer
Have to design a schema that is safe against abuse by spammers. That’s a BIG lift (months)
Same as open tracking + security + research tracking system
Handling failures gracefully — you have to redirect users even if your link tracking system is down!
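One way to meet both link-tracking constraints above, as an added example that is not Nylas code: the destination URL travels inside the link under an HMAC, so the redirect endpoint only forwards to URLs your own sender signed, and the redirect never depends on the click store being up. The `/t/` path layout, the function names and the signing key are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Constructed demo key; a real deployment loads this from its secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def is_web_url(url) -> bool:
    return isinstance(url, str) and urlsplit(url).scheme in ("http", "https")


def sign(payload: str, key: bytes) -> str:
    return b64url_encode(hmac.new(key, payload.encode(), hashlib.sha256).digest())


def make_tracking_path(url: str, message_id: str, key: bytes = SIGNING_KEY) -> str:
    """Build the path that replaces a link in an outgoing message."""
    if not is_web_url(url):
        raise ValueError("only http(s) destinations can be tracked")
    body = json.dumps({"u": url, "m": message_id}, separators=(",", ":"))
    payload = b64url_encode(body.encode())
    return f"/t/{payload}.{sign(payload, key)}"


def resolve_click(path: str, record_click, key: bytes = SIGNING_KEY):
    """Return the URL to redirect to, or None when the link was not signed by us."""
    if not path.startswith("/t/"):
        return None
    try:
        payload, sig = path[3:].split(".")
        # Constant-time comparison on bytes; runs before the payload is parsed.
        if not hmac.compare_digest(sig.encode(), sign(payload, key).encode()):
            return None
        data = json.loads(b64url_decode(payload))
        url, message_id = data["u"], data["m"]
    except (ValueError, KeyError, TypeError):
        return None
    if not is_web_url(url):
        return None
    try:
        record_click(message_id, url)   # best effort only
    except Exception:
        pass  # click store is down: the user is still redirected
    return url


if __name__ == "__main__":
    clicks = []
    path = make_tracking_path("https://example.com/pricing?plan=team", "msg-1")
    print(path)
    print(resolve_click(path, lambda m, u: clicks.append((m, u))), clicks)
```

Because verification is stateless, the redirect handler needs only the key, not a database lookup, to decide where to send the user.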
Building reply-tracking
180 hours for one senior engineer
Implement send flag that enables reply-tracking
Implement trigger logic for sending webhook push notifications
Monitor sync process changes for regressions
Optimize for performance
Building search support
56 hours for one senior engineer
Build proxy layer
Take query string and transparently pass back to Google (Google only)
Exchange, retrofit basic query language to translate into XML format
Get results back from provider API and grab message IDs and load data
Deal with Pagination
Deal with edge cases
*Costs are based on a nation-wide average for a senior software engineer’s salary of $528/day as reported by Glassdoor and include employer taxes as reported by Gusto.