Command
nylas webhook verify
The nylas webhook verify command validates a webhook payload against a signature and secret. Use --payload-file for a saved raw body, --payload for inline JSON, --signature for the received signature header, and --secret for the webhook signing secret.
Written by Qasim Muhammad Staff SRE
What does nylas webhook verify do?
The nylas webhook verify command validates a webhook payload against a signature and secret. Use --payload-file for a saved raw body, --payload for inline JSON, --signature for the received signature header, and --secret for the webhook signing secret.
Usage
nylas webhook verify --payload-file PAYLOAD.json --signature SIG --secret SECRETFlags
| Flag | Description |
|---|---|
| --json | Output as JSON |
| --no-color | Disable color output |
| --verbose(-v) | Enable verbose output |
| --config | Custom config file path |
| --help(-h) | Show help for the command |
| --limit | Limit results (most list commands) |
| --yes(-y) | Skip confirmations |
| --payload | Inline webhook payload JSON |
| --payload-file | Path to a file containing the raw webhook payload |
| --signature | Webhook signature header value |
| --secret | Webhook signing secret |
Examples
Verify a saved payload
nylas webhook verify \
--payload-file message.created.json \
--signature "$NYLAS_SIGNATURE" \
--secret "$NYLAS_WEBHOOK_SECRET"Verify inline JSON
nylas webhook verify \
--payload '{"type":"message.created"}' \
--signature "$NYLAS_SIGNATURE" \
--secret "$NYLAS_WEBHOOK_SECRET"Troubleshooting
Signature mismatch
Verify against the exact raw request body. Middleware that parses and reserializes JSON can change bytes and invalidate the signature.
Recommended guides
Add Email Sync to Your App Without IMAP
Skip per-mailbox IMAP IDLE connections. Use webhooks for push and on-demand reads for backfill, prototyped from the terminal — and know when IMAP still wins.
Sync Contacts Across Gmail and Outlook
Read contacts from Gmail and Outlook with one tool, deduplicate them by email, and get change notifications — without building a sync engine yourself.
Track Email Opens, Clicks, and Replies
Send tracked email and receive open, click, and reply events over webhooks from the terminal. Verify the signatures, and learn why email open rates overcount.
Send OTP and 2FA Codes by Email
Generate a cryptographically secure one-time code and send it by email from the terminal — no SMTP. Test the full round trip and learn email OTP's limits.
Microsoft Graph Mailbox Agent Best Practices
Least-privilege Graph scopes, throttling limits, and change notifications for an AI agent that reads and writes an Outlook mailbox — without an Azure app.
Automate Sales Follow-Up Emails (CLI)
Run a sales follow-up cadence from the terminal: send tracked touches, read replies on a schedule, and stop the sequence on the thread.replied webhook.
IMAP IDLE Explained (RFC 2177)
How IMAP IDLE works under RFC 2177: the 29-minute re-issue rule, why it needs a persistent socket per mailbox, and the webhook push alternative.
Create ClickUp Tasks from Email (CLI)
Turn email into ClickUp tasks from the terminal: pull messages as JSON with the Nylas CLI, then POST to the ClickUp API task endpoint with a list ID and token.
Create Zendesk Tickets from Email (CLI)
Pull inbound email as JSON with the CLI, map subject and sender to a ticket object, and POST to the Zendesk Tickets API. With external_id dedupe.
Send Email to Telegram (CLI)
Forward emails to a Telegram chat from the terminal: pull messages as JSON with the CLI, shape them with jq, and POST to the Telegram Bot API sendMessage.
Auto-Organize Incoming Email by Rule
Auto label incoming email from the terminal. A message.created webhook runs deterministic rules; nylas email mark and folder IDs sort each message.
Get Alerts for VIP Sender Emails
Fire an alert when a VIP emails you: a message.created webhook checks the sender against an allowlist, or poll with nylas email search on a cron.
OAuth PKCE for Email, Explained
What PKCE (RFC 7636) adds to the OAuth authorization-code flow for email: code_verifier, code_challenge, why public clients need it, and how Nylas runs it.
Give an AI Agent Calendar Access
Wrap nylas calendar availability and events as agent tools: read-only by default, draft-before-create for writes, and an OAuth scope the agent can't widen.
Push Email into a Coda Doc (CLI)
Pull email as JSON with the Nylas CLI and insert one row per message into a Coda table via the Coda API rows endpoint. Upsert on message ID to avoid duplicates.
Create Confluence Pages from Email
Pull email as JSON with the Nylas CLI and POST to the Confluence Cloud REST API /wiki/api/v2/pages with a space ID. One page per message, on a schedule.
AI Agent Email Bounce Detection and Retry
Deterministic bounce rules for AI agents: classify soft vs hard from DSN codes, retry 4.x.x with backoff, suppress 5.x.x, and escalate edge cases to humans.
Send Email Alerts to Microsoft Teams
Forward matching email into a Teams channel after the connector retirement: nylas email search JSON piped to a Power Automate Workflows webhook as an Adaptive Card.
Send and Parse Email with One API
Send with nylas email send and parse replies with nylas email search on one grant — no separate inbound-parse product, MX record, or multipart payload to unpack.
Email APIs with Webhook Support Compared
SendGrid, Mailgun, and Postmark delivery-event webhooks vs Nylas mailbox triggers like message.opened and thread.replied, with a one-command webhook create example.
Truto vs Nylas: Unified API Comparison
Truto proxies 500+ integrations across 45+ SaaS categories in real time; Nylas syncs email, calendar, and contacts with webhooks. Which model fits your build?
Unified.to vs Nylas: Unified API Comparison
Unified.to normalizes 465 integrations across 28 SaaS categories; Nylas goes deep on email, calendar, and contacts. Data models, webhooks, and when each wins.
Aurinko vs Nylas: Email API Comparison
Aurinko pairs a unified mailbox API with pre-built CRM sync logic. Nylas adds Yahoo and IMAP coverage, 27 webhook triggers, hosted OAuth, and an open-source CLI.
Trigger Agents on Inbound Email with Webhooks
Replace cron polling with webhooks: register a message.created hook so your agent account wakes the agent the instant mail arrives, signature-verified.
Google Calendar Push Notifications
How Google Calendar watch channels work, why the channel-token mismatch error happens, and how to get signed calendar webhooks with one CLI command instead.
Handle Email Bounces from the CLI
Hard vs soft bounces and how to detect them with the message.bounce_detected webhook — then suppress hard bounces permanently to protect your sender reputation.
Verify Webhook Signatures (HMAC Guide)
A webhook URL is public, so anyone can POST to it. Verify the HMAC signature on the raw body with a constant-time compare before acting, plus replay defense.
Outlook Calendar Change Notifications
How Microsoft Graph calendar subscriptions work, the validationToken handshake, the ~3-day expiry, clientState verification, and a simpler signed-webhook path.
Gmail Push Notifications (watch + Pub/Sub)
How Gmail's users.watch and Cloud Pub/Sub deliver new-mail notifications, why the 7-day watch expires, the historyId sync, and a simpler signed-webhook path.
How to Evaluate an Email AI Agent
Evaluate an email agent with a labeled test set, classification and action-accuracy metrics, and prompt-injection guardrail tests you run on every change.
Service Account vs OAuth for Email Access
Service accounts give an app its own identity; user OAuth acts on a person's behalf. When to use each for email, the security trade-offs, and the simpler default.
Google Domain-Wide Delegation, Explained
Domain-wide delegation lets a service account act as any Workspace user. When you need it, the security trade-offs, and when per-user OAuth via Nylas is simpler.
OAuth Refresh Token Management for Email
Access tokens expire every 3,600 seconds; refresh tokens mint new ones. How refresh works, what revokes it, and how Nylas refreshes email tokens for you.
OAuth Scopes for Email, Explained
OAuth scopes decide what an app may read or send in a mailbox. How email scopes work on Google and Microsoft, least privilege, and how Nylas requests them for you.
Email Read Receipts: API Options Compared
Gmail's API has no read receipt endpoint. Compare RFC 8098 MDNs, Outlook's isReadReceiptRequested, Workspace receipts, and webhook-based open tracking.
Gmail API Sandbox: Test Email Integrations
Gmail has no API sandbox. Compare the real options: a dedicated test account, the Amazon SES sandbox, fake SMTP inboxes, and nylas demo with sample data.
Password Reset Emails: Choosing an API
Password reset emails are latency-critical transactional sends. Compare SES, Postmark, SendGrid, and Nylas, meet Gmail's sender rules, and test the loop.
Calendar Invite Prompt Injection Defense
Calendar invites land in an AI agent's context without any click. Defend with organizer allowlists, metadata-first triage, human-run RSVPs, and audit logs.
Monitor Email Integration Health from Terminal
Schedule nylas doctor health checks in cron, track API error rates from audit logs, test webhook endpoints, and send an alert email when a check fails.
Handle Email API Outages: Backoff and Queues
Detect an email API outage in under 30 seconds, retry with exponential backoff, queue sends to a local spool, and flush it cleanly when service returns.
Email Auth: OAuth vs API Key vs App Password
Compare OAuth 2.0, API keys, and app-specific passwords for email API authentication. Security trade-offs, token lifetimes, provider support, and setup guides.
Email to Slack Alerts from Terminal
Forward important emails to Slack channels automatically. Poll for new messages, filter by sender or subject, and post formatted alerts via incoming webhooks.
Email Prompt Injection Defense
Defend AI email agents against prompt injection attacks. Input separation, capability sandboxing, human-in-the-loop approvals, and audit logging patterns.
Calendly Alternative for Developers
Build a developer-owned scheduling flow with Nylas CLI: find time, check availability, create events, and handle calendar webhooks.
Mailtrap Alternative for Real Inbox Testing
Compare Mailtrap, Mailosaur, and Nylas Agent Accounts for testing transactional email flows with real inbox delivery.
Parse Inbound Email Webhooks
Register inbound email webhooks, verify signatures, and parse message.created payloads into JSON your app can process.
Cypress Email Testing
Test password resets, magic links, and OTP emails in Cypress with a real inbox, Nylas CLI JSON output, and isolated agent accounts.
Secure OpenClaw Email Access
Secure OpenClaw email access with plugin allowlists, scoped Nylas credentials, policy rules, send approvals, and local MCP or exec boundaries.
Test Email Webhooks Locally
Test Nylas email webhooks locally with tunnel setup, signed payload checks, trigger discovery, and replayable fixtures before shipping handlers.
MCP Email Server Security Checklist
Secure MCP email servers with least privilege, local server checks, token boundaries, webhook verification, and write-action controls.
Stop Your AI Agent From Going Rogue
Terminate rogue AI agent sessions at the connector layer. Outbound blocks, auto-reply kill switches, and prompt-injection containment — all before SMTP.
Extract OTP Codes from Email — Skip the Inbox
Pull 2FA verification codes from email without opening your inbox. The nylas otp get command copies the latest code to your clipboard across all providers.
CI/CD Email Alerts with PowerShell
Send build failure alerts, deployment reports, and test results from GitHub Actions, Azure DevOps, and Jenkins pipelines using PowerShell and Nylas CLI.
Secure CLI Email: API Keys and Audit Logging
Manage Nylas CLI credentials securely. Rotate API keys, configure audit logging, enforce data policies, and meet SOC 2 requirements for email automation.
Audit AI Agent Activity (Claude, Copilot, MCP)
Audit logs for AI agent actions across Claude Code, GitHub Copilot, and MCP servers. Filter by source, export for compliance, trace every agent command.
Send GPG Encrypted Email from CLI
Send and receive GPG/PGP encrypted email from your terminal using Nylas CLI. Auto-fetches keys from keyservers. Sign, encrypt, or both via RFC 3156 PGP/MIME.
E2E Email Testing with Playwright
Test password reset, invitation, and verification emails end-to-end. Poll with Nylas CLI, verify content in Playwright, and click links. No Gmail config needed.
Run nylas webhook verify --help for full help output.