Authentication scopes
📝 Nylas scopes are no longer used in v3. Instead, specify the scopes for each provider. You can use the Detect Provider endpoint to help determine which scopes to send with an authentication request.
All scopes must include the fully qualified URI path for the provider, for example https://www.googleapis.com/auth/...
for Google, and https://graph.microsoft.com/...
for Microsoft Graph. These have been omitted due to space constraints.
The ☑️ character appears near the most restrictive scope you can use to enable functionality on each provider. More permissive scopes that you can use instead appear under the minimum option.
Calendar and Events API scopes
Endpoint | Google Scopeshttps://www.googleapis.com/auth/... | Microsoft Scopeshttps://graph.microsoft.com/... |
GET |
|
|
POST |
|
|
POST |
|
|
GET |
|
|
POST |
|
|
Calendar and Events webhook scopes
Webhook trigger | Google Scopeshttps://www.googleapis.com/auth/... | Microsoft Scopeshttps://graph.microsoft.com/... |
|
|
|
|
|
|
Email related API scopes
Endpoint | Google Scopeshttps://www.googleapis.com/auth/... | Microsoft Scopeshttps://graph.microsoft.com/... |
GET |
|
|
GET |
|
|
PUT DELETE |
|
|
GET |
|
|
POST |
|
|
POST |
|
|
POST |
|
|
POST |
|
|
POST |
|
|
GET |
|
|
POST |
|
|
GET |
|
|
GET |
No scopes required because scheduled messages are stored with Nylas. |
Email scopes for Yahoo OAuth
If you use Yahoo OAuth authentication to connect to Yahoo users' email inboxes, include the following scopes in your Yahoo provider auth app.
All email-related webhooks require the Yahoo email
and mail-r
scopes.
Endpoint | Yahoo scopes |
---|---|
GET /messages
GET /messages/{message_id}
GET /drafts
GET /drafts/{draft_id}
GET /folders
GET /folders/{folder_id}
GET /attachments/ |
email
mail-r
|
PUT /messages/
DELETE /messages/
POST /drafts
PUT /drafts/{draft_id}
DELETE /drafts/{draft_id}
POST /messages/smart-compose
POST /messages/{message_id}/smart-compose
POST /messages/send
POST /messages/send (using draft)
POST /folders
PUT /folders/{folder_id}
DELETE /folders/{folder_id}
|
email
mail-r
mail-w
|
Email related webhook scopes
Webhook trigger | Google Scopeshttps://www.googleapis.com/auth/... | Microsoft Scopeshttps://graph.microsoft.com/... |
|
|
|
|
|
|
|
|
|
|
|
|
Contacts API scopes
Endpoint | Google Scopeshttps://www.googleapis.com/auth/... | Microsoft Scopeshttps://graph.microsoft.com/... |
GET |
|
|
POST |
|
|
Note - To access Contacts with the |
Contacts webhook scopes
Webhook trigger | Google Scopeshttps://www.googleapis.com/auth/... | Microsoft Scopeshttps://graph.microsoft.com/... |
|
|
|
Google OAuth verification
If your application accesses Google user data with Google APIs and requests certain scopes, you might have to complete a Google verification process, and a separate security assessment process. Which process or processes depends on whether your app requests sensitive scopes or restricted scopes.
Scope Type | Required Processes | Google Policy and Requirements |
---|---|---|
Sensitive | Google verification | Your application must follow Google’s API Services User Data Policy. |
Restricted | Both Google verification and security assessment | Your application must follow Google’s API Services User Data Policy and meet additional requirements for specific scopes. |
For more information, see the Google verification and security assessment guide.