What is privacy mode?
Section titled “What is privacy mode?”Privacy mode is a security feature that restricts data access to only objects created through the Nylas API. It provides enhanced data privacy and access control. When enabled, it ensures that users can only interact with objects that were created through Nylas API, providing a layer of protection for sensitive calendar data.
Privacy mode is a paid feature. Contact the Nylas sales team to enable this feature for your application.
Current support for privacy mode
Section titled “Current support for privacy mode”Currently, privacy mode is only supported for calendar events. When privacy mode is enabled:
- Users maintain access to all calendars.
- Users can only access events that were created via Nylas API.
- Events created outside of Nylas API (For example, Google Calendar, Microsoft Outlook) are not accessible.
How privacy mode works
Section titled “How privacy mode works”Object access restrictions
Section titled “Object access restrictions”When privacy mode is enabled, the following restrictions apply:
- Return an event will only return events created by Nylas API.
- Update an event will only update events created by Nylas API.
- Delete an event will only delete events created by Nylas API.
- Return all events will only return events created by Nylas API.
- Import events will only return events created by Nylas API.
Error messages
Section titled “Error messages”When you attempt to access events not created by Nylas API, you’ll receive a 403 Forbidden response with the following error message:
{ "request_id": "921039196-e72dd1a1-4715-4ad8-871b-6802b86cb6e9", "error": { "type": "forbidden", "message": "Event is not accessible under privacy filter" }}Webhook notifications
Section titled “Webhook notifications”When privacy mode is enabled, you will only receive the webhook notifications for events created by Nylas API. The following event notification will be affected:
event.createdevent.updatedevent.deleted
Events created outside of Nylas API will not trigger webhook notifications, even if they exist in the user’s calendar.
Recurring events
Section titled “Recurring events”For recurring events, access is determined by the primary event. If the primary event was created by Nylas API, users have full access to the entire recurring series. Updating a recurring event doesn’t revoke users’ access to the series and all instances of the recurring event remain accessible if the primary event was created by Nylas API.
Historical data limitation: Nylas does not track which events were created by Nylas API before privacy mode is enabled. When you turn on privacy mode, you will immediately lose access to all events created before enabling the feature, regardless of whether they were created by Nylas API or not.
Use cases
Section titled “Use cases”Privacy mode is designed for scenarios where data privacy and access control are critical.
Customer privacy protection
Section titled “Customer privacy protection”Some customers don’t want to share their calendar events that weren’t created by your application. Privacy mode ensures they only see and interact with events relevant to your service.
Multi-tenant applications
Section titled “Multi-tenant applications”When building applications that create meetings for end customers, privacy mode prevents access to other calendar events or meetings belonging to those customers, providing essential data isolation and protection.
Compliance requirements
Section titled “Compliance requirements”Organizations with strict data privacy requirements can use privacy mode to ensure that only authorized, application-created events are accessible through the Nylas API.