- Products
- Solutions
- Developers Go to DevelopersDocumentationTools & resources
- Success Stories
- Pricing
- Why Nylas
Sync only what you need; use Granular Authentication Scopes! This security feature gives you even more control over the types of data you sync.
At Nylas, security is our #1 priority, which is why we’re excited to announce that our core platform has been updated to give you even more control over the data you access.
Today, we’re releasing a first big milestone for improving security with your email integrations: Authentication Scopes for Google/GSuite and Microsoft Accounts.
This new feature allows you to control the types of user data you sync at a more granular level. With Authentication Scopes, you can:
If your application syncs Google data, Authentication Scopes will also help you meet Google’s new user data policy.
The following authentication scopes are available today:
Here’s an example of the new Authentication Scopes in action from our Ruby SDK:
require 'nylas' api = Nylas::API.new(config.nylas_client_id, config.nylas_client_secret, nil) nylas_token = api.authenticate( name: 'Ben Bitdiddle', email_address: '[email protected]', provider: :gmail, settings: { google_client_id: ENV['GOOGLE_CLIENT_ID'], google_client_secret: ENV['GOOGLE_CLIENT_SECRET'], google_refresh_token: auth_hash[:credentials][:refresh_token] }, scopes: ['email.read_only,email.send'] ) api_as_user = api.as(nylas_token)
If you request access to data that’s outside of what your users have authorized, then the endpoint will return a 403 error like the one below:
{ "message": "You do not have access to the required scopes. You provided a token which has the following scopes ['email.read_only', 'email.send']. You would need a token with at least one of the following scopes: ['email.modify']", "type": "api_error" }
You can learn more about the new scopes in our docs, and access them through our Python, Ruby, and NodeJS SDKs.
There’s never been a better time to use the Nylas platform to improve the security of your connection to email providers. We’re excited to continue to help our customers create the most secure integrations for their applications by removing the complexity of building, managing, and maintaining direct integrations.
Please enter your email address and receive the latest updates.