Use Google accounts and data with Nylas
The Nylas platform drastically reduces the effort it takes to use Google accounts with your application. With just a few lines of code, you can add full email, calendar, and contacts functions to your project.
This page introduces you to Google provider auth apps.
Get started
First, you need to connect your Nylas application to a Google provider auth app. This allows your end users to authenticate with their Google accounts, and providers your project access to the data you specify in the Google API. Follow the steps in Create a Google provider auth app to set up a Google Cloud Platform (GCP) project.
Build with the Nylas SDKs
The Nylas SDKs are the quickest way to get started using Gmail, Google Calendar, and Google Contacts in your Nylas application. Nylas offers Python, Node.js, Ruby, and Kotlin/Java SDKs to suit a variety of preferences.
Google verification and security assessment
Before you can publish your GCP project, you might have to take extra steps to comply with Google's OAuth 2.0 policies and complete their verification process. Be sure to request the most restrictive scopes that you need for your GCP application. If you request any of Google's restricted scopes, Google will require your application to complete a security assessment. This could extend your verification timeline significantly, or cause Google to fail your review.
For more information, see the Google verification and security assessment guide.
"Sign in with Google" branding guidelines
Your GCP project must include a "Sign in with Google" button that meets Google's branding guidelines. This applies to the OAuth flow for both personal Gmail (@gmail.com
) and Workspace email addresses.
Google OAuth verification
⚠️ The Google verification and security assessment processes can take several weeks or longer. Be sure to plan your development timeline around this.
When you create your Google project, you must list the scopes that your Nylas application will use. Each scope grants your application permission to access a specific category or piece of user data.
If your application accesses Google user data with Google APIs and requests certain scopes, you might have to complete a Google verification process, and a separate security assessment process. Which process or processes depends on whether your app requests sensitive scopes or restricted scopes.
Scope Type | Required Processes | Google Policy and Requirements |
---|---|---|
Sensitive | Google verification | Your application must follow Google’s API Services User Data Policy. |
Restricted | Both Google verification and security assessment | Your application must follow Google’s API Services User Data Policy and meet additional requirements for specific scopes. |
Google provider limitations
You should keep the following limitations in mind as you work with your GCP project:
- The Gmail API has a set of usage limits that apply to all requests made from your Nylas application. This includes the number of email messages that you can send per day. For more information, see Google's official Usage limits documentation.
- The Google Calendar API has two sets of usage limits: the number of requests your application can make each minute, and the number of requests your application can make per user each minute. For more information, see Google's official Manage quotas documentation.
- If an attachment file name contains non-ASCII characters (for example, accented characters like
ü
), Google can't detect its content type. Because of this, Nylas returns an emptycontent_type
field.
One-click unsubscribe headers
As of February 2024, Google requires that users who send more than 5,000 email messages per day to Gmail email addresses include one-click unsubscribe headers in each of their marketing and subscribed emails (see Google’s official Email sender guidelines). This is along with the visible unsubscribe links that must be in the body content of all marketing and subscribed email messages.
To set up one-click unsubscribe headers using Nylas, include the custom_headers
object in your Send Message or Create Draft request. This object accepts a set of key-value pairs, each of which represents the header’s name
and its value
. You must include the following headers:
List-Unsubscribe-Post
:List-Unsubscribe=One-Click
List-Unsubscribe
: The unsubscribe link (for example, amailto
link that uses the end user’s email address, or a link to your list management software).
"custom_headers":[
{
"name": "List-Unsubscribe-Post",
"value": "List-Unsubscribe=One-Click"
},
{
"name": "List-Unsubscribe",
"value": "<mailto: nyla@example.com?subject=unsubscribe>, <https://mailinglist.example.com/unsubscribe.html>"
}
]