As you work with Nylas, you’ll need to use scopes to control the level of access Nylas has to your users’ data.
What are scopes?
Section titled “What are scopes?”Granular scopes represent sets of permissions you request from your users, on a per-provider basis. Each provider has its own set of scopes, and your users either approve or reject them when they authenticate with your Nylas application.
IMAP connectors don’t support scopes. For more information, see Creating grants with IMAP authentication.
Nylas API scopes
Section titled “Nylas API scopes”Each of the Nylas APIs requires different scopes to function properly. The tables in the following sections list the scopes you need to work with specific Nylas features.
All scopes must include the fully-qualified URI path for the provider. The tables shorten the full scope URIs for space reasons, so be sure to add the provider prefix when requesting scopes.
Messages API scopes
Section titled “Messages API scopes”All scopes except https://mail.google.com/ must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/messagesGET /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID> | /gmail.readonly | /gmail.modify |
PUT /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID> | /gmail.modify | — |
DELETE /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID> | /gmail.modify | https://mail.google.com/ (hard-delete) |
POST /v3/grants/<NYLAS_GRANT_ID>/messages/smart-composePOST /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID>/smart-compose | /gmail.readonly | /gmail.modify |
PUT /v3/grants/<NYLAS_GRANT_ID>/messages/clean | /gmail.readonly | — |
POST /v3/grants/<NYLAS_GRANT_ID>/messages/send | /gmail.send | /gmail.compose/gmail.modify |
You need to request the /gmail.send scope if you want to schedule messages to be sent in the future. For more information, see Schedule messages to send in the future.
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/messagesGET /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID> | Mail.Read | Mail.ReadWriteMail.Read.SharedMail.ReadWrite.Shared |
PUT /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID> | Mail.ReadWrite | Mail.ReadWrite.Shared |
POST /v3/grants/<NYLAS_GRANT_ID>/messages/smart-composePOST /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID>/smart-compose | Mail.Read | Mail.ReadWriteMail.ReadWrite.SharedMail.Read.Shared |
PUT /v3/grants/<NYLAS_GRANT_ID>/messages/clean | Mail.Read | — |
POST /v3/grants/<NYLAS_GRANT_ID>/messages/send | Mail.ReadWriteMail.Send | Mail.ReadWrite.Shared |
You need to request the Mail.ReadWrite and Mail.Send scopes if you want to schedule messages to be sent in the future. For more information, see Schedule messages to send in the future.
| Endpoint | Scopes |
|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/messagesGET /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID> | emailmail-r |
PUT /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID>POST /v3/grants/<NYLAS_GRANT_ID>/messages/smart-composePOST /v3/grants/<NYLAS_GRANT_ID>/messages/<MESSAGE_ID>/smart-composePOST /v3/grants/<NYLAS_GRANT_ID>/messages/send | emailmail-rmail-w |
Drafts API scopes
Section titled “Drafts API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/draftsGET /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | /gmail.readonly | /gmail.compose |
POST /v3/grants/<NYLAS_GRANT_ID>/draftsPUT /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | /gmail.compose | — |
POST /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | /gmail.compose | /gmail.modify |
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/draftsGET /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | Mail.Read | Mail.ReadWriteMail.Read.SharedMail.ReadWrite.Shared |
POST /v3/grants/<NYLAS_GRANT_ID>/draftsPUT /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | Mail.ReadWrite | Mail.ReadWrite.Shared |
POST /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | Mail.ReadWriteMail.Send | Mail.ReadWrite.Shared |
| Endpoint | Scopes |
|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/draftsGET /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | emailmail-r |
POST /v3/grants/<NYLAS_GRANT_ID>/drafts/PUT /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID>POST /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/drafts/<DRAFT_ID> | emailmail-rmail-w |
Folders API scopes
Section titled “Folders API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/foldersGET /v3/grants/<NYLAS_GRANT_ID>/folders/<FOLDER_ID>POST /v3/grants/<NYLAS_GRANT_ID>/foldersPUT /v3/grants/NYLAS_GRANT_ID>/folders/<FOLDER_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/folders/<FOLDER_ID> | /gmail.labels | /gmail.modify |
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/foldersGET /v3/grants/<NYLAS_GRANT_ID>/folders/<FOLDER_ID> | Mail.Read | Mail.ReadWriteMail.Read.SharedMail.ReadWrite.Shared |
POST /v3/grants/<NYLAS_GRANT_ID>/foldersPUT /v3/grants/NYLAS_GRANT_ID>/folders/<FOLDER_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/folders/<FOLDER_ID> | Mail.ReadWrite | Mail.ReadWrite.Shared |
| Endpoint | Scopes |
|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/foldersGET /v3/grants/<NYLAS_GRANT_ID>/folders/<FOLDER_ID> | emailmail-r |
POST /v3/grants/<NYLAS_GRANT_ID>/folders/PUT /v3/grants/<NYLAS_GRANT_ID>/folders/<FOLDER_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/folders/<FOLDER_ID> | emailmail-rmail-w |
Attachments API scopes
Section titled “Attachments API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/attachments/<ATTACHMENT_ID> | /gmail.readonly | /gmail.modify |
All scopes must be prefixed with Microsoft’s URI path (https://graph.microsoft.com/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/attachments/<ATTACHMENT_ID> | Mail.Read | Mail.ReadWriteMail.Read.SharedMail.ReadWrite.Shared |
| Endpoint | Scopes |
|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/attachments/<ATTACHMENT_ID> | emailmail-r |
Contacts API scopes
Section titled “Contacts API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/contactsGET /v3/grants/<NYLAS_GRANT_ID>/contacts/<CONTACT_ID>GET /v3/grants/<NYLAS_GRANT_ID>/contacts/groups | /contacts.readonly/contacts.other.readonly/directory.readonly | — |
POST /v3/grants/<NYLAS_GRANT_ID>/contactsPUT /v3/grants/<NYLAS_GRANT_ID>/contacts/<CONTACT_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/contacts/<CONTACT_ID> | /contacts | — |
You must request the /contacts.other.readonly scope to access contacts from the inbox source, and /directory.readonly for contacts from the domain source.
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/contactsGET /v3/grants/<NYLAS_GRANT_ID>/contacts/<CONTACT_ID>GET /v3/grants/<NYLAS_GRANT_ID>/contacts/groups | Contacts.ReadPeople.Read | — |
POST /v3/grants/<NYLAS_GRANT_ID>/contactsPUT /v3/grants/<NYLAS_GRANT_ID>/contacts/<CONTACT_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/contacts/<CONTACT_ID> | Contacts.ReadWrite | — |
You must request the People.Read scope to access contacts from the inbox and domain sources.
Calendar API scopes
Section titled “Calendar API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/calendarsGET /v3/grants/<NYLAS_GRANT_ID>/calendars/<CALENDAR_ID>POST /v3/grants/<NYLAS_GRANT_ID>/calendars/free-busy | /calendar.readonly | /calendar |
POST /v3/grants/<NYLAS_GRANT_ID>/calendarsPUT /v3/grants/<NYLAS_GRANT_ID>/calendars/<CALENDAR_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/calendars/<CALENDAR_ID> | /calendar | — |
POST /v3/calendars/availability | /calendar.readonly | /calendar |
You need to request the /calendar scope if you want to use the primary keyword to reference the primary calendar associated with a grant. For more information about the primary keyword, see Find a calendar ID.
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/calendarsGET /v3/grants/<NYLAS_GRANT_ID>/calendars/<CALENDAR_ID>POST /v3/grants/<NYLAS_GRANT_ID>/calendars/free-busy | Calendars.Read | Calendars.ReadWrite |
POST /v3/grants/<NYLAS_GRANT_ID>/calendarsPUT /v3/grants/<NYLAS_GRANT_ID>/calendars/<CALENDAR_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/calendars/<CALENDAR_ID> | Calendars.ReadWrite | — |
POST /v3/calendars/availability | Calendars.Read | Calendars.ReadWrite |
Events API scopes
Section titled “Events API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/eventsGET /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID> | /calendar.events.readonly | /calendar.events/calendar/calendar.readonly |
POST /v3/grants/<NYLAS_GRANT_ID>/eventsPUT /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID>POST /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID>/send-rsvp | /calendar.events | /calendar |
GET /v3/grants/<NYLAS_GRANT_ID>/resources | /admin.directory.resource.calendar.readonly | — |
You need to request the /calendar scope if you want to use the primary keyword to reference the primary calendar associated with a grant. For more information about the primary keyword, see Find a calendar ID.
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/eventsGET /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID> | Calendars.Read | Calendars.ReadWrite |
POST /v3/grants/<NYLAS_GRANT_ID>/eventsPUT /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID>POST /v3/grants/<NYLAS_GRANT_ID>/events/<EVENT_ID>/send-rsvp | Calendars.ReadWrite | — |
GET /v3/grants/<NYLAS_GRANT_ID>/resources | Place.Read.All | — |
You need to request the OnlineMeetings.ReadWrite scope if you want to automatically create conferencing details on events. For more information, see Enable autocreate for conferencing.
You need to request the meeting:write:meeting and user:read:user scopes if you want to automatically create conferencing details on events. For more information, see Enable autocreate for conferencing.
Scheduler API scopes
Section titled “Scheduler API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
POST /v3/grants/<NYLAS_GRANT_ID>/scheduling/configurationsPUT /v3/grants/<NYLAS_GRANT_ID>/scheduling/configurations/<CONFIG_ID>GET /v3/grants/<NYLAS_GRANT_ID>/scheduling/availability | /calendar.readonly | /calendar |
POST /v3/grants/<NYLAS_GRANT_ID>/scheduling/bookingsPATCH /v3/grants/<NYLAS_GRANT_ID>/scheduling/bookings/<BOOKING_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/scheduling/bookings/<BOOKING_ID> | /calendar.events | /calendar |
| Endpoint | Required scopes | Other scopes |
|---|---|---|
POST /v3/grants/<NYLAS_GRANT_ID>/scheduling/configurationsPUT /v3/grants/<NYLAS_GRANT_ID>/scheduling/configurations/<CONFIG_ID>GET /v3/grants/<NYLAS_GRANT_ID>/scheduling/availability | Calendars.Read | Calendars.ReadWrite |
POST /v3/grants/<NYLAS_GRANT_ID>/scheduling/bookingsPATCH /v3/grants/<NYLAS_GRANT_ID>/scheduling/bookings/<BOOKING_ID>DELETE /v3/grants/<NYLAS_GRANT_ID>/scheduling/bookings/<BOOKING_ID> | Calendars.ReadWrite | — |
Order Consolidation API scopes
Section titled “Order Consolidation API scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/consolidated-orderGET /v3/grants/<NYLAS_GRANT_ID>/consolidated-shipmentGET /v3/grants/<NYLAS_GRANT_ID>/consolidated-return | /gmail.readonly | — |
All scopes must be prefixed with Microsoft’s URI path (https://graph.microsoft.com/).
| Endpoint | Required scopes | Other scopes |
|---|---|---|
GET /v3/grants/<NYLAS_GRANT_ID>/consolidated-orderGET /v3/grants/<NYLAS_GRANT_ID>/consolidated-shipmentGET /v3/grants/<NYLAS_GRANT_ID>/consolidated-return | Mail.Read | Mail.Read.Shared |
Nylas notification scopes
Section titled “Nylas notification scopes”Each of Nylas’ notification triggers requires different scopes to function properly. The tables in the following sections list the scopes you need to work with specific Nylas features.
All scopes must include the fully-qualified URI path for the provider. The tables shorten the full scope URIs for space reasons, so be sure to add the provider prefix when requesting scopes.
Messages notification scopes
Section titled “Messages notification scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
message.send_successmessage.send_failed | /gmail.send | — |
message.createdmessage.updated | /gmail.metadata | gmail.readonly/gmail.modify |
message.bounce_detected | /gmail.readonly/gmail.send | /gmail.modify |
If your account uses the /gmail.metadata scope, Nylas sends message.*.metadata notifications with limited information. For more information, see Using webhooks with Nylas.
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
message.send_successmessage.send_failed | Mail.ReadWriteMail.Send | — |
message.createdmessage.updated | Mail.Read | Mail.ReadWriteMail.ReadWrite.SharedMail.Read.Shared |
message.bounce_detected | Mail.ReadMail.Send | Mail.ReadWrite |
All message.* notifications require the email and mail-r scopes.
Threads notification scopes
Section titled “Threads notification scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
thread.replied | /gmail.readonly/gmail.send | /gmail.modify |
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
thread.replied | Mail.ReadMail.Send | Mail.ReadWrite |
All thread.* notifications require the email and mail-r scopes.
Folders notification scopes
Section titled “Folders notification scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
folder.createdfolder.updatedfolder.deleted | /gmail.metadata | /gmail.readonlygmail.modify |
If your account uses the /gmail.metadata scope, Nylas sends message.*.metadata notifications with limited information. For more information, see Using webhooks with Nylas.
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
folder.createdfolder.updatedfolder.deleted | Mail.Read | Mail.ReadWriteMail.ReadWrite.SharedMail.Read.Shared |
All folder.* notifications require the email and mail-r scopes.
Contacts notification scopes
Section titled “Contacts notification scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
contact.updatedcontact.deleted | /contact.readonly/contacts | — |
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
contact.updatedcontact.deleted | Contacts.Read | Contacts.Read.SharedContacts.ReadWriteContacts.ReadWrite.Shared |
Calendar notification scopes
Section titled “Calendar notification scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
calendar.createdcalendar.updatedcalendar.deleted | /calendar.events.readonly | /calendar.events |
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
calendar.createdcalendar.updatedcalendar.deleted | Calendars.Read | Calendars.Read.SharedCalendars.ReadWriteCalendars.ReadWrite.Shared |
Events notification scopes
Section titled “Events notification scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
event.createdevent.updatedevent.deleted | /calendar.events.readonly/calendar.readonly | /calendar.events |
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
event.createdevent.updatedevent.deleted | Calendars.Read | Calendars.Read.SharedCalendars.ReadWriteCalendars.ReadWrite.Shared |
ExtractAI notification scopes
Section titled “ExtractAI notification scopes”All scopes must be prefixed with Google’s URI path (https://www.googleapis.com/auth/).
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
message.intelligence.ordermessage.intelligence.trackingmessage.intelligence.return | /gmail.readonly | — |
| Notification trigger | Required scopes | Other scopes |
|---|---|---|
message.intelligence.ordermessage.intelligence.trackingmessage.intelligence.return | Mail.Read | Mail.Read.Shared |
Google OAuth verification
Section titled “Google OAuth verification”If your application accesses Google user data with the Google APIs and requests certain scopes, you might have to complete the Google verification process and a separate security assessment process. The processes that you need to complete depends on whether your application requests sensitive or restricted scopes.
| Scope type | Required processes | Google policy and requirements |
|---|---|---|
| Sensitive | Google verification | Your application must follow Google’s API Services User Data Policy. |
| Restricted | Google verification and security assessment | Your application must follow Google’s API Services User Data Policy and meet additional requirements for specific scopes. |
For more information, see our Google verification and security assessment guide.