Skip to content

TW-5785: fix Nylas v3 request shapes + add Scheduler session-token auth#118

Merged
qasim-nylas merged 2 commits into
mainfrom
tw-5785-fix-cli-request-shape-bugs
Jul 10, 2026
Merged

TW-5785: fix Nylas v3 request shapes + add Scheduler session-token auth#118
qasim-nylas merged 2 commits into
mainfrom
tw-5785-fix-cli-request-shape-bugs

Conversation

@qasim-nylas

Copy link
Copy Markdown
Collaborator

Summary

Fixes several CLI request shapes that hit the wrong Nylas v3 endpoints or sent invalid payloads, and adds the Scheduler session-token auth flow that booking commands require. Every change was verified against the Nylas v3 spec, and make ci-full (fmt/vet/lint/unit/race/security/vuln/build + the full live-API integration suite) passes.

⚠️ Breaking changes

  • scheduler bookings show|confirm|reschedule|cancel now require --configuration-id. These endpoints are authorized by a Scheduler session token, not the application API key; the CLI now mints a session from the configuration and uses it as the bearer. Old invocations error with required flag(s) "configuration-id" not set.
  • scheduler bookings confirm: --salt is now required (from the booking reference — organizer link, cancel/reschedule URL, or a Scheduler webhook). --reason is a deprecated no-op.
  • admin credentials create: --type no longer accepts oauth/service_account (never valid v3 values) — use connector. --client-id/--client-secret are now required; these are the provider's OAuth app credentials (e.g. your Google Cloud / Azure app), not your Nylas app's — they populate the spec-required credential_data.
  • admin credentials list/show/create JSON output no longer includes connector_id/credential_type/credential_data — the v3 CredentialObject returns only id, name, created_at, updated_at.
  • admin credentials create: --connector-id is deprecated (use --connector); passing both is now an error.

What changed

Admin / credentials

  • Connector credential URL …/credentials…/creds; credential ops are connector-scoped (auto-detect the sole connector; validate an explicit provider against the v3 allow-list; reject the deprecated inbox provider by name and legacy ID)
  • Trimmed ConnectorCredential to the fields the API actually returns
  • Offset-paginate credential lists (no more silent truncation at the default 10)
  • Connector resolution deduplicated into domain.ResolveConnectorProvider

Scheduler

  • Session-token bearer plumbing in the HTTP client; the four booking methods now take a configurationID and mint a session
  • Reschedule fixed to bare PATCH /scheduling/bookings/{id}; the booking is read back with the requested times overlaid (the booking model carries no times)
  • Confirm requires salt+status and handles the cancelled no-data envelope; cancel sends cancellation_reason in the DELETE body
  • Configuration endpoints are grant-scoped; the configuration list is cursor-paginated
  • Session TTL tag fixed (ttltime_to_live)
  • Deprecated no-op shims: confirm --reason, reschedule --timezone/--reason

JSON-RPC handlers, mock/demo adapters, unit + integration tests, and command docs updated to match.

Testing

  • make ci-full — exit 0 (all quality gates + full live-API integration suite + cleanup)
  • New unit tests for connector resolution, provider validation, credential/config pagination (incl. empty-list []-not-null), booking session-token flow, and the deprecated-flag shims

Related docs

CLI command reference:

Nylas v3 API:

Corrects CLI request shapes that hit wrong Nylas v3 endpoints or sent invalid
payloads, and adds the Scheduler session-token auth flow that booking commands
require. Verified against the v3 spec; make ci-full green.

Admin / credentials:
- Fix connector credential URL: /connectors/{provider}/credentials -> /creds
- Connector-scope credential ops; auto-detect the sole connector, validate an
  explicit provider against the v3 allow-list, reject the deprecated `inbox`
  provider (by name and by legacy connector ID)
- Correct credential --type to the spec enum (connector); require the provider
  OAuth app --client-id/--client-secret (spec-required credential_data)
- Trim ConnectorCredential to the fields the v3 CredentialObject returns
  (id/name/created_at/updated_at)
- Offset-paginate credential lists so they no longer truncate at the default 10
- Deduplicate connector resolution into domain.ResolveConnectorProvider

Scheduler:
- Booking endpoints authenticate with a session token minted from a now-required
  --configuration-id (the API key is not accepted on these endpoints); reworked
  GetBooking/ConfirmBooking/RescheduleBooking/CancelBooking + session-token
  bearer plumbing in the HTTP client
- Fix reschedule URL (bare PATCH /scheduling/bookings/{id}); read the booking
  back with the requested times overlaid (the booking model carries no times)
- Confirm requires salt+status; handle the cancelled no-data envelope
- Cancel sends cancellation_reason in the DELETE body
- Grant-scope configuration endpoints; cursor-paginate the configuration list
- Fix session TTL tag (ttl -> time_to_live)
- Deprecated no-op shims: confirm --reason, reschedule --timezone/--reason

JSON-RPC handlers, mocks/demo adapters, unit/integration tests, and command docs
updated to match.
@qasim-nylas qasim-nylas requested a review from AaronDDM July 10, 2026 11:30

@AaronDDM AaronDDM left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@qasim-nylas qasim-nylas merged commit 16b246f into main Jul 10, 2026
9 of 10 checks passed
@qasim-nylas qasim-nylas deleted the tw-5785-fix-cli-request-shape-bugs branch July 10, 2026 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants