Why is Mail.ReadWrite required for sending emails via Microsoft Graph API?

dishant · January 15, 2026, 9:11am

Hi Nylas Team,

I recently set up Microsoft email integration using the Nylas v3 API for sending emails only (no reading/syncing). Following the documentation, I configured my Azure AD app with the Mail.Send delegated permission as recommended.

However, when attempting to send emails using the /messages/send endpoint, I consistently received a 403 error:

{
  "error": {
    "type": "api.insufficient_scopes",
    "message": "missing scope required to send email",
    "provider_error": {
      "error": {
        "code": 403,
        "message": "Access is denied. Check credentials and try again."
      }
    }
  }
}

After extensive troubleshooting, I discovered that adding Mail.ReadWrite to both the Azure AD app permissions AND the Nylas connector scopes resolved the issue. Email sending now works perfectly.

My questions:

Why is Mail.ReadWrite required for sending emails? Is this because Nylas creates a draft message (POST /me/messages) before sending it, rather than using the POST /me/sendMail endpoint directly?
Should the documentation be updated to include Mail.ReadWrite as a required permission for email sending functionality?
Is there a way to send emails with only Mail.Send (without Mail.ReadWrite) for organizations that have strict permission policies?

Environment:

Nylas API v3
Microsoft Graph API (Microsoft 365 accounts)
Azure AD app with delegated permissions

Pracheta · January 15, 2026, 9:30am

Hi Dishant,

Thanks for your thoughtful questions — happy to clarify.

Why is Mail.ReadWrite required for sending emails?

Yes, your understanding is correct. Nylas creates and manages a message object (for example, creating a draft) before sending it. These actions require Microsoft Graph permissions that go beyond Mail.Send, which is why Mail.ReadWrite is needed.

Should the documentation be updated?

The current documentation does list Mail.ReadWrite as the required scope for the /messages/send endpoint, but we agree this can be easy to miss. We’ll share your feedback with our docs team to help make this clearer.

Can emails be sent with only Mail.Send?

Based on the scopes table, there isn’t a way to send emails through Nylas v3 with only Mail.Send. The minimum required Microsoft scope for the send endpoint is Mail.ReadWrite.

Here’s the documentation outlining the Microsoft scopes required for sending messages via the Nylas API:
Using granular scopes to request user data | Docs..#messages-api-scopes

Please let us know if you have any other questions.

Thanks,

Pracheta Munje.

Support Engineer, Nylas

Topic		Replies	Views
Nylas Microsoft grant can’t send mail (403 Access is denied) but direct Graph send works Question and Answers email-api	2	8	February 12, 2026
Untraceable errors in email sending Question and Answers email-api	1	138	November 4, 2025
Need Help Connecting Gmail — Getting “scope_not_allowed” with Nylas Google Connector (Production Mode) Question and Answers email-api	4	148	November 6, 2025
V3 API Microsoft JSON Error Outage Question and Answers email-api	6	99	January 12, 2026
MailboxNotEnabledForRESTAPI Question and Answers calendar-api	1	204	October 1, 2025

Why is Mail.ReadWrite required for sending emails via Microsoft Graph API?

Related topics