At Nylas, security is our #1 priority, which is why we’re excited to announce that our core platform has been updated to give you even more control over the data you access.
Today, we’re releasing a first big milestone for improving security with your email integrations: Authentication Scopes for Google/GSuite and Microsoft Accounts.
This new feature allows you to control the types of user data you sync at a more granular level. With Authentication Scopes, you can:
If your application syncs Google data, Authentication Scopes will also help you meet Google’s new user data policy.
The following authentication scopes are available today:
Here’s an example of the new Authentication Scopes in action from our Ruby SDK:
require 'nylas' api = Nylas::API.new(config.nylas_client_id, config.nylas_client_secret, nil) nylas_token = api.authenticate( name: 'Ben Bitdiddle', email_address: '[email protected]', provider: :gmail, settings: { google_client_id: ENV['GOOGLE_CLIENT_ID'], google_client_secret: ENV['GOOGLE_CLIENT_SECRET'], google_refresh_token: auth_hash[:credentials][:refresh_token] }, scopes: ['email.read_only,email.send'] ) api_as_user = api.as(nylas_token)
If you request access to data that’s outside of what your users have authorized, then the endpoint will return a 403 error like the one below:
Email API
Calendar API
Scheduler
Contacts API
ExtractAI
Salesforce email integration
Google email & calendar integration
Outlook email & calendar integration
IMAP integration
Calendar management
Embedded contextual email
Scheduling automation
Automated outreach
Intelligent data extraction
Ecommerce
Telehealth
Real estate
Financial technology
Educational technology
Expense management
Customer relationship management
Applicant tracking system
Communications platform
Marketplaces
Document management
Docs
SDKs
Tutorials
API status
Changelog
Support
Blog
Events
Guides
Inspiration gallery
Partners
Build vs. buy
Customer stories
Security & Compliance
Why Nylas
Newsroom{
"message": "You do not have access to the required scopes. You provided a token which has the following scopes ['email.read_only', 'email.send']. You would need a token with at least one of the following scopes: ['email.modify']",
"type": "api_error"
}
You can learn more about the new scopes in our docs, and access them through our Python, Ruby, and NodeJS SDKs.
There’s never been a better time to use the Nylas platform to improve the security of your connection to email providers. We’re excited to continue to help our customers create the most secure integrations for their applications by removing the complexity of building, managing, and maintaining direct integrations.
Building security by design is crucial, especially for startups and small businesses, where resources are…
In a time where cyber threats are increasingly sophisticated and frequent, fostering a security-first culture…
At Nylas, our information security team took action to investigate the Log4j vulnerability and found that our codebases were not impacted. As the incident unfolds, see how Nylas responded to identify the impact and protect customer data.