Only show these results:

Revoking Access Tokens

Nylas access_tokens never expire. You have to revoke access_tokens. If you ever need to reauthenticate an account, you can have more than one access_token for an account.

While Nylas access_tokens never expire, it is possible for them to become invalidated or de-authenticated.

Revoking Tokens

Since Nylas access tokens never expire, we recommend revoking old Nylas access tokens when you re-authenticate accounts. You can use the Account Management /revoke-all endpoint with the keep_access_token body parameter to ensure old access tokens are revoked.

  1. Authenticate a Google account and get access_token_1
  2. User changes their password, so account becomes invalidated but the Nylas access_token_1 is still active
  3. Re-authenticate the Google account and get a new access_token_2 for the account
  4. Call /revoke-all endpoint with keep_access_token=access_token_2.