Revoking Access Tokens
access_tokens never expire. You have to revoke
access_tokens. If you ever need to reauthenticate an account, you can have more than one
access_token for an account.
access_tokens never expire, it is possible for them to become invalidated or de-authenticated.
Since Nylas access tokens never expire, we recommend revoking old Nylas access tokens when you re-authenticate accounts. You can use the Account Management /revoke-all endpoint with the
keep_access_token body parameter to ensure old access tokens are revoked.
- Authenticate a Google account and get
- User changes their password, so account becomes invalidated but the Nylas
access_token_1is still active
- Re-authenticate the Google account and get a new
access_token_2for the account