Email API
Calendar API
Contacts API
Salesforce email integration
Google email & calendar integration
Outlook email & calendar integration
IMAP integration
Calendar management
Embedded contextual email
Scheduling automation
Automated outreach
Intelligent data extraction
Telehealth
Real estate
Financial technology
Educational technology
Customer relationship management
Applicant tracking system
Communications platform
Marketplaces
Document management
Docs
SDKs
Tutorials
API status
Changelog
Support
Blog
Events
Guides
Newsroom
Partners
Build vs. buy
Customer stories
Trust & security
Why Nylas
The Nylas Express Security Review
• 4 min read
In 2020, we announced the Express Security Review, the only program of its kind that simplifies the Google OAuth verification and security assessment process. Through partnerships with Google certified, third-party security firms, we set out to make this complex verification process as simple as possible. Today, we are excited to announce that we have made this workflow even easier by automating the Express Security Review process through the Nylas dashboard.
Going forward, most of the assessment steps are handled through the Nylas dashboard and with direct communication with the Nylas Customer Success team. There are three main stages in the Nylas Express Security Review process: the Qualifier and Purchase Assessment, Google Verification Wizard, and the Security Assessment. To begin the security review process, there are a couple of prerequisites:
Qualifier and Purchase Assessment
The first portion consists of two steps and should be completed by someone on your team who understands how your platform uses the Nylas APIs and knows your billing and payment information.The Qualifier section determines the kind of Google Oauth verification/assessment your platform needs. In this step, select your Google Project number as well as the Nylas APIs you use (email, calendar, or contacts), and indicate how you use the selected APIs. Depending on your answer, you are redirected to one of two different paths:
The Purchase Assessment step uses your answers to estimate the final security assessment costs. As stated above, there are two outcomes within this step.
In this stage, the Nylas team reviews your application to ensure details submitted to Google are sufficient to get approved. We work with members of your team who can answer product questions, technical questions and navigate legal language. This portion of the process has questions around application functionality, requires a video recording demonstrating functionality, and works with your team to update your Privacy Policy to include Google-approved language. After you submit the responses, a Nylas Customer Success manager will reach out in two business days if there are any additional questions. Our team has helped app developers through hundreds of verifications – we offer the best practices we’ve learned and guidance at no additional charge to our customers.
Once the verification process has been completed, the Nylas team then sets up a streamlined assessment with one of Google’s approved security firms. At this stage, you’ll need someone from your team who can answer product questions and technical questions while remediating any found security issues/concerns. After you submit the responses, a Nylas Customer Success manager will reach out in two business days if there are any additional questions. This step also streamlines the sharing of general information with the third-party security firm, including: company name, project points of contact information, preferred communication methods, previous security test reports, and incidents so that testing can get underway quickly.
Here’s a visual overview of the process from start to finish:
Speak to a platform specialist now to learn more about the Nylas Express Security Review.
At Nylas, our information security team took action to investigate the Log4j vulnerability and found that our codebases were not impacted. As the incident unfolds, see how Nylas responded to identify the impact and protect customer data.
As APIs expand to the enterprise, they must balance innovation with stability and reduce or eliminate breaking changes.
Our partnership with Leviathan Security Group will provide a low-cost, streamlined certification process for any application that accesses Gmail data.
Dominic is a Product Marketing Manager at Nylas. In his spare time, he loves to hike and go to the beach with his dog.