Only show these results:

Revoking Access Tokens

Nylas <ACCESS_TOKEN> never expire. You have to revoke the <ACCESS_TOKEN>. If you ever need to reauthenticate an account, you can have more than one <ACCESS_TOKEN> for an account.

While Nylas an <ACCESS_TOKEN> never expires, it is possible for them to become invalidated or deauthenticated.

Revoking Tokens

Since Nylas access tokens never expire, we recommend revoking former Nylas access tokens when you reauthenticate accounts. You can use the Account Management /revoke-all endpoint with the keep_access_token body parameter to ensure former access tokens are revoked.

  1. Authenticate a Google account and get initial <ACCESS_TOKEN>.
  2. User changes their password, so account becomes invalidated but the initial Nylas <ACCESS_TOKEN> is still active.
  3. Reauthenticate the Google account and get a new <ACCESS_TOKEN> for the account.
  4. Call /revoke-all endpoint with keep_access_token=<ACCESS_TOKEN> using the new access token from Step 3.

Gmail Limitations

If you use the /revoke-all endpoint, and don't use the keep_access_token to keep at least one access token, the Gmail refresh_token is also revoked.