Bring Your Own Authentication

Manually creates a grant using the Bring Your Own (BYO) Authentication flow. If you're handling the OAuth flow in your own project or you want to migrate existing users, BYO Auth lets you provide the user's refresh_token to create a grant.

If a user previously authenticated with your Nylas application using the same email address, Nylas detects this and re-authenticates their existing grant instead of creating a new one. The API response contains the user's existing grant_id.

Supported providers

Pick the request body variant that matches your provider:

• Refresh token — OAuth providers (google, microsoft, yahoo, zoom) using a standard refresh token.
• Credential override — OAuth providers, but using a stored credential record to swap in different client credentials.
• Microsoft bulk auth — Microsoft App Permissions. Requires a connector credential and the admin consent flow.
• Google bulk auth — Google Service Accounts. Requires a connector credential and the Service Account flow.
• IMAP — direct IMAP/SMTP credentials for any IMAP provider.
• iCloud — an iCloud email address plus an Apple app password.
• EWS — on-premises Microsoft Exchange; hosted Exchange should use Microsoft Graph instead.
• Virtual calendar — a Virtual Calendar grant for scheduling without a third-party provider.
• Zoom Meetings — Zoom OAuth. Your OAuth app must include the granular scopes meeting:write:meeting, meeting:update:meeting, and meeting:delete:meeting.
• Nylas (Agent Account) — a fully Nylas-hosted Agent Account email and calendar mailbox on a domain you've registered with Nylas.