Nylas authentication workflows

AbdulrahmanSalim · October 28, 2024, 9:18am

I am having a security concern regarding to the authentication workflows provided by Nylas. If I decide to use the OAuth and the API key method, then the developers will have access to users data (emails, calendars and etc…) using the API key and the grantId that they can see from the dashboard.
If I decided to go with the OAuth and access tokens, it should be more secure, but the concern is, that the developers can still access data using the first method.
I believe we should only be allowed to use one authentication method to address this issue.

Did I understand it right or is there something else I am missing?

Thanks,

ram · January 15, 2025, 6:20pm

Thanks for your message @AbdulrahmanSalim and I hear your concerns.

For any case where you need the user’s permissions to access data, the user will be notified of these permissions in advance before accepting. For example Google App Permissions is something all developers need to setup to ensure the user is informed about access.

So securing user access would be something the developer will need to manage through audit trails, logging, and/or securing access to product environment.

Topic		Replies	Views
Issue with Nylas API Authentication – Need Help! Question and Answers	1	37	January 29, 2025
What is the recommended auth flow to store the grant_id? Question and Answers authentication	2	68	July 12, 2024
Can you help me with integration Nylas v2 on Nylas v3 Question and Answers authentication	3	63	September 6, 2024
Help with Code/ Access Tokens Exchange Question and Answers	2	182	March 14, 2024
Can nylas do this? (AppleId OAuth and Calendars) Question and Answers calendar-api	1	25	September 26, 2024

Nylas authentication workflows

Related topics