Only show these results:

Authentication scopes

📝 Nylas scopes are no longer used in v3. Instead, specify the scopes for each provider. You can use the Detect Provider endpoint to help determine which scopes to send with an authentication request.

All scopes must include the fully qualified URI path for the provider, for example https://www.googleapis.com/auth/... for Google, and https://graph.microsoft.com/... for Microsoft Graph. These have been omitted due to space constraints.

The ☑️ character appears near the most restrictive scope you can use to enable functionality on each provider. More permissive scopes that you can use instead appear under the minimum option.

Calendar and Events API scopes

EndpointGoogle Scopes
https://www.googleapis.com/auth/...
Microsoft Scopes
https://graph.microsoft.com/...

GET /calendars
GET /calendars/<calendar_id>
POST /calendars/free-busy

/calendar.readonly☑️
/calendar

Calendars.Read ☑️
Calendars.ReadWrite

POST /calendars
PUT /calendars/<calendar_id>
DELETE /calendars/<calendar_id>

/calendar ☑️

Calendars.ReadWrite ☑️

POST /calendars/availability

/calendar.readonly ☑️
/calendar

Calendars.Read ☑️
Calendars.ReadWrite

GET /events
GET /events/<event_id>

/calendar.events.readonly ☑️
/calendar.events
/calendar

Calendars.Read ☑️
Calendars.ReadWrite

POST /events
PUT /events/<event_id>
DELETE /events/<event_id>
POST /events/<event_id>/send-rsvp

/calendar.events ☑️
/calendar

Calendars.ReadWrite ☑️

Calendar and Events webhook scopes

Webhook triggerGoogle Scopes
https://www.googleapis.com/auth/...
Microsoft Scopes
https://graph.microsoft.com/...

calendar.created
calendar.updated
calendar.deleted

/calendar.events.readonly ☑️
/calendar.events

Calendars.Read ☑️
Calendars.Read.Shared
Calendars.ReadWrite
Calendars.ReadWrite.Shared

event.created
event.updated
event.deleted

/calendar.events.readonly ☑️
/calendar.events

Calendars.Read ☑️
Calendars.Read.Shared
Calendars.ReadWrite
Calendars.ReadWrite.Shared

EndpointGoogle Scopes
https://www.googleapis.com/auth/...
Microsoft Scopes
https://graph.microsoft.com/...

GET /messages

/gmail.readonly ☑️
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.Read.Shared
Mail.ReadWrite.Shared

GET /messages/<message_id>

/gmail.readonly ☑️
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.Read.Shared
Mail.ReadWrite.Shared

PUT/messages/<message_id>

DELETE /messages/<message_id>

/gmail.modify ☑️

Mail.ReadWrite ☑️
Mail.ReadWrite.Shared

GET /drafts
GET /drafts/<draft_id>

/gmail.readonly ☑️
/gmail.compose

Mail.Read ☑️
Mail.ReadWrite
Mail.Read.Shared
Mail.ReadWrite.Shared

POST /drafts
PUT /drafts/<draft_id>
DELETE /drafts/<draft_id>

/gmail.compose ☑️

Mail.ReadWrite ☑️
Mail.ReadWrite.Shared

POST /messages/smart-compose

/gmail.readonly ☑️
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.ReadWrite.Shared
Mail.Read.Shared

POST /messages/<message_id>/smart-compose

/gmail.readonly ☑️
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.ReadWrite.Shared
Mail.Read.Shared

POST /messages/send

/gmail.send☑️
/gmail.compose
/gmail.modify

Mail.ReadWrite and Mail.Send ☑️
Mail.ReadWrite.Shared and Mail.Send

POST /messages/send (using draft)

/gmail.compose ☑️
/gmail.modify

Mail.ReadWrite and Mail.Send ☑️
Mail.ReadWrite.Shared and Mail.Send

GET /folders
GET /folders/<folder_id>

/gmail.labels ☑️
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.ReadWrite.Shared
Mail.Read.Shared

POST /folders
PUT /folders/<folder_id>
DELETE /folders/<folder_id>

/gmail.labels ☑️
/gmail.modify

Mail.ReadWrite ☑️
Mail.ReadWrite
Mail.ReadWrite.Shared

GET /attachments/<id>

/gmail.readonly ☑️
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.ReadWrite.Shared
Mail.Read.Shared

GET /messages/schedules
GET /messages/schedules/<scheduleId>
DELETE /messages/schedules/<scheduleId>

No scopes required because scheduled messages are stored with Nylas.
However you need gmail.send / Mail.ReadWrite and Mail.Send to send the scheduled messages.

Email scopes for Yahoo OAuth

If you use Yahoo OAuth authentication to connect to Yahoo users' email inboxes, include the following scopes in your Yahoo provider auth app.

All email-related webhooks require the Yahoo email and mail-r scopes.

EndpointYahoo scopes
GET /messages
GET /messages/{message_id}
GET /drafts
GET /drafts/{draft_id}
GET /folders
GET /folders/{folder_id}
GET /attachments/
email
mail-r
PUT /messages/
DELETE /messages/
POST /drafts
PUT /drafts/{draft_id}
DELETE /drafts/{draft_id}
POST /messages/smart-compose
POST /messages/{message_id}/smart-compose
POST /messages/send
POST /messages/send (using draft)
POST /folders
PUT /folders/{folder_id}
DELETE /folders/{folder_id}
email
mail-r
mail-w
Webhook triggerGoogle Scopes
https://www.googleapis.com/auth/...
Microsoft Scopes
https://graph.microsoft.com/...

message.send_success
message.send_failed

/gmail.send ☑️

Mail.ReadWrite and Mail.Send ☑️

message.created
message.updated

/gmail.readonly ☑️
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.ReadWrite.Shared
Mail.Read.Shared

message.bounce_detected

/gmail.readonly ☑️

Mail.Read ☑️

folder.created
folder.updated
folder.deleted

/gmail.readonly ☑️
or /gmail.labels with refactor
/gmail.modify

Mail.Read ☑️
Mail.ReadWrite
Mail.ReadWrite.Shared
Mail.Read.Shared

Contacts API scopes

EndpointGoogle Scopes
https://www.googleapis.com/auth/...
Microsoft Scopes
https://graph.microsoft.com/...

GET /contacts
GET /contacts/<contact_id>
GET /contact_groups

/contacts.readonly, /contacts.other.readonly, and /directory.readonly * ☑️

Contacts.Read and People.Read * ☑️

POST /contacts
PUT /contacts/<contact_id>
DELETE /contacts/<contact_id>

/contacts ☑️

Contacts.ReadWrite ☑️

Note - To access Contacts with the inbox source, you must use the contacts.other.readonly Google scope and the People.Read
Microsoft scope. For Contacts with the domain source, you must use the directory.readonly Google scope and the People.Read Microsoft scope.

Contacts webhook scopes

Webhook triggerGoogle Scopes
https://www.googleapis.com/auth/...
Microsoft Scopes
https://graph.microsoft.com/...

contact.updated
contact.deleted

/contact.readonly ☑️
/contacts ☑️

Contacts.Read ☑️
Contacts.Read.Shared
Contacts.ReadWrite
Contacts.ReadWrite.Shared

Google OAuth verification

If your application accesses Google user data with Google APIs and requests certain scopes, you might have to complete a Google verification process, and a separate security assessment process. Which process or processes depends on whether your app requests sensitive scopes or restricted scopes.

Scope Type Required Processes Google Policy and Requirements
Sensitive Google verification Your application must follow Google’s API Services User Data Policy.
Restricted Both Google verification and security assessment Your application must follow Google’s API Services User Data Policy and meet additional requirements for specific scopes.

For more information, see the Google verification and security assessment guide.