Authorize API requests
In this step, you'll learn how to authorize requests to the Nylas v2 API.
When you authenticate an account with Nylas, you're telling your email provider that you are the owner of the account and you're giving Nylas access to it. The provider then gives Nylas an access token for the account. You can use that access token (with some other information, like the Nylas application's client ID and secret) to make API requests for your user data.
Confusing language alert: "Authentication" is the process of proving who you are, and that you have the right to make decisions about an account and its data. However, when you make API requests you use an "authorization" header to pass a token or other credential. The token is like a backstage pass: it authorizes you to make requests. But then the different types of API authorization headers are known as "authentication" types.
Even worse, both of these are sometimes shortened as "auth". We try to be as clear as possible in the Nylas docs about which one we mean.
Immediately after you authenticate an account, Nylas shows its access token. If you navigate away from the initial connection screen without saving the access token, you can go to the Accounts page and generate a new one.
Each access token is unique to its account and the permissions (also called "scopes") that the end user agreed to when they connected. You use access tokens with your Nylas application's client ID and secret to authorize requests to the Nylas APIs.
⚠️ Be sure to save the access token in a safe place. You cannot view it again after you leave the page. You can generate a new access token later if needed.
There are three ways to authorize API requests in Nylas API v2, and you can read about them in the Authorizing v2 requests guide. Of these, Nylas recommends you use Bearer authentication to authorize your API requests.
This step is optional for the Sandbox tutorial, but you'll need your client ID and client secret (sometimes called "developer keys") if you want to try making API requests on your own. It's a good idea to learn where they are!
Each Nylas application has its own Client ID and Client Secret. You can see these values in the Nylas Dashboard:
- Select your application from the dropdown menu at the top left of the page.
- Click App Settings in the left navigation menu.
Nylas displays the Client ID and Client Secret at the right side of the screen.
Access tokens are generated for each user account when they connect to a Nylas application. You can generate a new Nylas access token if you lose or forget the original one, if the token becomes invalid, or if you need a token with different scopes.
To generate a new Nylas access token:
- Log in to the Nylas Dashboard.
- Select Accounts from the left navigation menu.
- Choose the account that you want to create an access token for.
- On the page that appears, click Generate a new token.
🔍 Access tokens are specific to an account, but accounts can have more than one token. Each token also records the specific scopes that the user agreed to when they authenticated their account.
Generating a new token does not revoke any existing tokens. To revoke a token, use one of the Nylas
revoke API endpoints.
Ready to make some API calls? Let's go!