We can authenticate a Microsoft account via Nylas Connect and receive a valid grant. However, sending fails with api.insufficient_scopes / 403 from provider. Direct Microsoft Graph /me/sendMail using the same account succeeds (HTTP 202), so Graph permissions are valid; issue appears Nylas-side.
Nylas Grant
-
grantId: ce54f5ff-581c-44d8-8ad9-d0caea254ead
-
provider: microsoft
-
email: leo_jiazi@163.com
-
scopes on grant:
Failed Nylas send
-
request_id: 833169978-9c68d05b-9a70-4c51-9904-9555d0e92b72
-
error: api.insufficient_scopes
-
provider_error: 403 Access is denied. Check credentials and try again.
Graph direct send
-
/me returns 200
-
/me/sendMail returns 202 (success)
Question
Why does Nylas return insufficient_scopes and 403 for send, when direct Graph send works with the same account? Are additional scopes or tenant settings required for Nylas?
Failed Nylas send (immediate)
POST https://api.us.nylas.com/v3/grants/ce54f5ff-581c-44d8-8ad9-d0caea254ead/messages/send
Authorization: Bearer <NYLAS_API_KEY>
Content-Type: application/json
{
“subject”: “Nylas immediate send test (personal)”,
“body”: “Test from anotherme-api via Nylas immediate send (personal Outlook).”,
“to”: [
{ "email": "leo_jiazi@163.com" }
]
}
Response
{
“request_id”: “833169978-9c68d05b-9a70-4c51-9904-9555d0e92b72”,
“error”: {
"type": "api.insufficient_scopes",
"message": "missing scope required to send email",
"provider_error": {
"error": {
"code": 403,
"message": "Access is denied. Check credentials and try again."
}
}
}
}
Direct Graph verification (success)
GET https://graph.microsoft.com/v1.0/me
Authorization: Bearer <MICROSOFT_ACCESS_TOKEN>
=> HTTP 200
POST https://graph.microsoft.com/v1.0/me/sendMail
Authorization: Bearer <MICROSOFT_ACCESS_TOKEN>
Content-Type: application/json
=> HTTP 202
Scheduled send check (failure)
Authorization: Bearer <NYLAS_API_KEY>
Response
{
“status”: {
"code": "failed",
"description": "schedule send failed",
"reason": "a non retryable error occurred when sending the message"
}
}