Source: https://cli.nylas.com/guides/extract-otp-codes-from-email # Extract OTP Codes from Email — Skip the Inbox Stop switching to your inbox every time a 2FA code arrives. nylas otp get scans recent emails for verification codes and copies the result to your clipboard in under a second. Works across all major email providers — no browser required. Written by [Nick Barraclough](https://cli.nylas.com/authors/nick-barraclough) Product Manager Reviewed by [Qasim Muhammad](https://cli.nylas.com/authors/qasim-muhammad) Updated April 26, 2026 > **TL;DR:** Run `nylas otp get` to pull the latest OTP from your inbox to your clipboard. Use `--raw` for scripting, `nylas otp watch` to poll for incoming codes. No inbox tab needed. ## Why are OTP codes hard to extract from email? Every OTP interrupts your flow. You get a login prompt, switch to your email client, wait for the message, find the 6-digit code buried in a template, type it in, then switch back. That's 30–60 seconds of context switching per authentication event. For developers running integration tests or end-to-end flows, it's worse. You need the code programmatically, which means writing custom email polling logic for each provider — Gmail API, Microsoft Graph, IMAP idle — before you can even get to the actual test. The [FIDO Alliance Online Authentication Barometer](https://fidoalliance.org/online-authentication-barometer/) tracks how often users abandon signups when verification is slow or inconvenient — and the abandonment rate is consistently high across consumer surveys. Brittle OTP extraction code is one of the top causes of flaky E2E tests. The Nylas CLI solves both problems with one command: `nylas otp get`. ## 1. Install ```bash brew install nylas/nylas-cli/nylas ``` For shell-script, PowerShell, and Go install paths, see the [getting started guide](https://cli.nylas.com/guides/getting-started). Verify the install: ```bash nylas --version ``` ## 2. Authenticate Connect your email account using an API key from the [Nylas Dashboard](https://dashboard.nylas.com/): ```bash nylas auth config --api-key YOUR_API_KEY ``` This stores credentials locally. The CLI works with Gmail, Outlook, Exchange (EWS), Yahoo Mail, iCloud Mail, and any IMAP server — you don't need to configure each provider separately. ## 3. Get the latest OTP code Pull the most recent OTP from your inbox: ```bash nylas otp get ``` ```text ✓ OTP found Code: 847291 From: noreply@github.com Subject: Your GitHub verification code Copied to clipboard ``` The command scans your recent emails, finds the verification code, and copies it to your clipboard automatically. For scripting — where you don't want clipboard side effects — use `--raw`: ```bash nylas otp get --raw ``` ```text 847291 ``` To skip the clipboard copy in interactive sessions: ```bash nylas otp get --no-copy ``` ## 4. Watch for incoming OTP codes When you need to wait for a code that hasn't arrived yet, use `nylas otp watch`. It polls your inbox and prints each new OTP as it arrives: ```bash nylas otp watch ``` ```text Watching for OTP codes... (Ctrl+C to stop) [14:23:05] 847291 — noreply@github.com [14:31:18] 193047 — security@google.com ``` Control the polling interval (in seconds): ```bash nylas otp watch --interval 5 ``` To watch without copying codes to the clipboard: ```bash nylas otp watch --no-copy --interval 10 ``` Press Ctrl+C to stop watching. ## 5. List configured accounts If you have multiple email accounts connected, list them: ```bash nylas otp list ``` ```text ACCOUNT PROVIDER user@gmail.com Gmail work@company.com Outlook personal@icloud.com iCloud ``` Target a specific account when fetching: ```bash nylas otp get user@gmail.com ``` ## 6. Use OTP codes in scripts The `--raw` flag makes OTP extraction composable. Here's a complete bash flow that triggers a password reset, waits for the code, and submits it: ```bash #!/usr/bin/env bash set -euo pipefail EMAIL="user@example.com" API_BASE="https://app.example.com/api" # Trigger the OTP email curl -s -X POST "$API_BASE/auth/send-otp" \ -H "Content-Type: application/json" \ -d "{"email": "$EMAIL"}" # Wait for delivery, then grab the code sleep 3 CODE=$(nylas otp get --raw) echo "Got code: $CODE" # Submit the code curl -s -X POST "$API_BASE/auth/verify-otp" \ -H "Content-Type: application/json" \ -d "{"email": "$EMAIL", "code": "$CODE"}" echo "Verified." ``` In CI/CD, store your API key as a secret and set it before running: ```yaml # GitHub Actions example - name: Authenticate Nylas CLI run: nylas auth config --api-key ${{ secrets.NYLAS_API_KEY }} - name: Run OTP flow test run: ./scripts/test-otp-flow.sh ``` The CLI reads `NYLAS_API_KEY` from the environment, so you can skip the `nylas auth config` step entirely in ephemeral CI environments: ```bash # Set env var — CLI picks it up automatically export NYLAS_API_KEY=your_key CODE=$(nylas otp get --raw) ``` ## Next steps - [E2E email testing with Playwright](https://cli.nylas.com/guides/e2e-email-testing) — combine OTP extraction with full end-to-end test flows - [Email as identity for AI agents](https://cli.nylas.com/guides/email-as-identity-for-ai-agents) — authenticate AI workflows via email-based verification - [PowerShell email in CI/CD](https://cli.nylas.com/guides/powershell-email-cicd) — Windows-native automation for email-dependent pipelines - [Getting started with Nylas CLI](https://cli.nylas.com/guides/getting-started) — connect your first account in under 5 minutes - [Command reference](https://cli.nylas.com/docs/commands) — every flag, subcommand, and example - [RFC 6238 -- TOTP: Time-Based One-Time Password](https://datatracker.ietf.org/doc/html/rfc6238) — the spec for the time-windowed codes you're extracting from email