Manage access tokens in Nylas API v2
In this guide, you'll learn how to create new access tokens.
You can generate a new token in the Nylas Dashboard. Click on Accounts on the left, select the account you want to generate a token for, and click Generate a new token.
Good to know: Generating a new token doesn't delete any previous access tokens. See Revoking access tokens (below) for more information.
The Nylas v2 <ACCESS_TOKEN> never expires. If you want to stop using it or stop others from using it, you must revoke it. If you ever need to re-authenticate an account, you can have more than one access token for an account.
Even though a Nylas v2 access token never expires, it can become invalid or de-authenticated, for example when a user changes their password.
Since Nylas access tokens never expire, you should revoke any previous Nylas access tokens when you re-authenticate an account. You can use the Account Management /revoke-all endpoint with the keep_access_token body parameter to ensure former access tokens are revoked. An example workflow is described below:
- Authenticate a Google account and get the initial
- The user changes their password and the account becomes invalidated. However, the initial Nylas <ACCESS_TOKEN> is still active.
- Re-authenticate the Google account and receive a new <ACCESS_TOKEN> for the account.
- Call the
keep_access_token=<ACCESS_TOKEN> using the new access token from Step 3.
refresh_token is also revoked if you use the /revoke-all endpoint and omit the
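The revocation step of the workflow above, as an added example (not Nylas's own code): it builds the /revoke-all call with keep_access_token set to the new token and refuses to run when that token is missing. The API host, URL path, Basic auth with the client secret, the HTTP 200 success check and all function names are assumptions not shown on this page, and the demo transport and values are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

API_BASE = "https://api.nylas.com"  # assumption: API host is not given on the page


def build_revoke_all_request(client_id, client_secret, account_id, keep_access_token):
    """Build the revoke-all call that keeps only the newly issued token."""
    if not isinstance(keep_access_token, str) or not keep_access_token.strip():
        # Without a token to keep, the call would also revoke the new token.
        raise ValueError("keep_access_token must be the token from re-authentication")
    # Percent-encode identifiers so they cannot alter the request path.
    cid = urllib.parse.quote(client_id, safe="")
    aid = urllib.parse.quote(account_id, safe="")
    # Assumption: path and Basic auth (client secret as username, empty password).
    url = f"{API_BASE}/a/{cid}/accounts/{aid}/revoke-all"
    basic = base64.b64encode(f"{client_secret}:".encode()).decode()
    body = json.dumps({"keep_access_token": keep_access_token}).encode()
    headers = {"Authorization": f"Basic {basic}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def revoke_old_tokens(send, client_id, client_secret, account_id, new_token):
    """Send the request via `send`, a callable returning an HTTP status code."""
    status = send(build_revoke_all_request(client_id, client_secret, account_id, new_token))
    if status != 200:  # assumption: success is reported as HTTP 200
        # Old tokens may still be live; surface this instead of continuing.
        raise RuntimeError(f"revoke-all failed with HTTP {status}")
    return True


def send_https(request):
    """Real transport: performs the call over HTTPS and returns the status."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed stand-in transport and placeholder values so this runs offline.
    def fake_send(request):
        print(request.get_method(), request.full_url)
        return 200

    print(revoke_old_tokens(fake_send, "CLIENT_ID", "CLIENT_SECRET", "ACCOUNT_ID", "NEW_TOKEN"))
```

Pass `send_https` as the first argument to perform the real call once the assumed path and auth scheme are confirmed against the Nylas v2 API reference.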