Only show these results:

Manage access tokens in Nylas API v2

In this guide, you'll learn how to create new access tokens.

Generate an access token from the Accounts page in v2

You can generate a new token in the Nylas Dashboard. Click on Accounts on the left, select the account you want to generate a token for, and click Generate a new token.

Generate new token

Good to know: Generating a new token doesn't delete any previous access tokens. See Revoking access tokens (below) for more information.

Revoking access tokens in v2

The Nylas v2 <ACCESS_TOKEN> never expires. If you want to stop using it or stop others from using it, you must revoke it. If you ever need to re-authenticate an account, you can have more than one access token for an account.

Even though a Nylas v2 access token never expires, they can become invalid or de-authenticated, for example when a user changes their password.

Revoking Tokens

Since Nylas access tokens never expire, you should revoke any previous Nylas access tokens when you re-authenticate an account. You can use the Account Management /revoke-all endpoint with the keep_access_token body parameter to ensure former access tokens are revoked. An example workflow is described below:

  1. Authenticate a Google account and get the initial <ACCESS_TOKEN>.
  2. The user changes their password and the account becomes invalidated. However, the initial Nylas <ACCESS_TOKEN> is still active.
  3. Re-authenticate the Google account and receive a new <ACCESS_TOKEN> for the account.
  4. Call the /revoke-all endpoint with keep_access_token=<ACCESS_TOKEN> using the new access token from Step 3.

Gmail Limitations

The Gmail refresh_token is also revoked if you use the /revoke-all endpoint and omit the keep_access_token parameter.