nylas 6.7.1 → 6.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa916629fd9482f57599bd8cb7887f69575cc12cffd4f2d3d0fa37c5cd163b70
-  data.tar.gz: 906042891eb1519df1ff287ae27104b5f871edcbb938e25cc23e65a1d71452a0
+  metadata.gz: 39fb36891572d67e348da1b79d8d0f73c0c542f073252733a17c7a11ac5f041b
+  data.tar.gz: 234c99ad89acd1ef2069bea31a70f7f86e8acf8e5b6a0a38b6000e79e7a570e4
 SHA512:
-  metadata.gz: 1f7203ab924ec04f7efda91875003a8ffa10a182800ae7f0ffa8fb1cb7ad01a5cb4403bf99d79d84e58514acd25b45e8446a5522f771b7bd110e1c17595d94c1
-  data.tar.gz: fb23ac5760b2ed22f253dba8316baf5542ca29f654b1ca5b92345d34918e138065051b207435a62c82d41cefdbb7d3f6ecec0df0eee8294c3471518cc54f3151
+  metadata.gz: ae326a217e211366f66a2079cc98990c9ebad04bd0c48a88c6a1634adae55db6d9ee505060655eb4faee1a2deffb7d4447e007a5e5b09a3fdc44157743b20034
+  data.tar.gz: b5c494daa9bd4062765eb5182382f550d06abb20ee85d0c890dee54cede76af4ea5650765ebd9bc3bb151d404bb853b409e9695219a5bcf29156d27df6fd696d

data/lib/nylas/client.rb

@@ -8,6 +8,7 @@ require_relative "resources/auth"
 require_relative "resources/webhooks"
 require_relative "resources/applications"
 require_relative "resources/folders"
+require_relative "resources/lists"
 require_relative "resources/notetakers"
 require_relative "resources/scheduler"
 
@@ -99,6 +100,13 @@ module Nylas
       Grants.new(self)
     end
 
+    # The list resources for your Nylas application.
+    #
+    # @return [Nylas::Lists] List resources for your Nylas application
+    def lists
+      Lists.new(self)
+    end
+
     # The message resources for your Nylas application.
     #
     # @return [Nylas::Messages] Message resources for your Nylas application
@@ -113,6 +121,34 @@ module Nylas
       Threads.new(self)
     end
 
+    # The policy resources for your Nylas application.
+    #
+    # @return [Nylas::Policies] Policy resources for your Nylas application.
+    def policies
+      Policies.new(self)
+    end
+
+    # The rule resources for your Nylas application.
+    #
+    # @return [Nylas::Rules] Rule resources for your Nylas application.
+    def rules
+      Rules.new(self)
+    end
+
+    # The workspace resources for your Nylas application.
+    #
+    # @return [Nylas::Workspaces] Workspace resources for your Nylas application.
+    def workspaces
+      Workspaces.new(self)
+    end
+
+    # The domain resources for your Nylas application.
+    #
+    # @return [Nylas::Domains] Domain resources for your Nylas application.
+    def domains
+      Domains.new(self)
+    end
+
     # The webhook resources for your Nylas application.
     #
     # @return [Nylas::Webhooks] Webhook resources for your Nylas application.

data/lib/nylas/handler/api_operations.rb

@@ -15,9 +15,10 @@ module Nylas
       #
       # @param path [String] Destination path for the call.
       # @param query_params [Hash, {}] Query params to pass to the call.
+      # @param headers [Hash, {}] Additional HTTP headers to include in the payload.
       # @return [Array([Hash, Array], String, Hash)] Nylas data object, API Request ID, and response headers.
-      def get(path:, query_params: {})
-        response = get_raw(path: path, query_params: query_params)
+      def get(path:, query_params: {}, headers: {})
+        response = get_raw(path: path, query_params: query_params, headers: headers)
 
         [response[:data], response[:request_id], response[:headers]]
       end
@@ -26,10 +27,11 @@ module Nylas
       #
       # @param path [String] Destination path for the call.
       # @param query_params [Hash, {}] Query params to pass to the call.
+      # @param headers [Hash, {}] Additional HTTP headers to include in the payload.
       # @return [Array<Array<Hash>, String, String, Hash>]
       #   Nylas data array, API Request ID, next cursor, and response headers.response headers.
-      def get_list(path:, query_params: {})
-        response = get_raw(path: path, query_params: query_params)
+      def get_list(path:, query_params: {}, headers: {})
+        response = get_raw(path: path, query_params: query_params, headers: headers)
 
         [response[:data], response[:request_id], response[:next_cursor], response[:headers]]
       end
@@ -40,16 +42,20 @@ module Nylas
       #
       # @param path [String] Destination path for the call.
       # @param query_params [Hash, {}] Query params to pass to the call.
+      # @param headers [Hash, {}] Additional HTTP headers to include in the payload.
       # @return [Hash] The JSON response from the Nylas API.
-      def get_raw(path:, query_params: {})
-        execute(
+      def get_raw(path:, query_params: {}, headers: {})
+        request = {
           method: :get,
           path: path,
           query: query_params,
           payload: nil,
           api_key: api_key,
           timeout: timeout
-        )
+        }
+        request[:headers] = headers unless headers.empty?
+
+        execute(**request)
       end
     end
 
@@ -63,18 +69,21 @@ module Nylas
       # @param path [String] Destination path for the call.
       # @param query_params [Hash, {}] Query params to pass to the call.
       # @param request_body [Hash, nil] Request body to pass to the call.
+      #   Defaults to {} when nil to ensure Content-Type: application/json is sent.
       # @param headers [Hash, {}] Additional HTTP headers to include in the payload.
       # @return [Array(Hash, String, Hash)] Nylas data object, API Request ID, and response headers.
-      def post(path:, query_params: {}, request_body: nil, headers: {})
-        response = execute(
+      def post(path:, query_params: {}, request_body: nil, headers: {}, serialized_json_body: nil)
+        request = {
           method: :post,
           path: path,
           query: query_params,
-          payload: request_body,
+          payload: request_body || {},
           headers: headers,
           api_key: api_key,
           timeout: timeout
-        )
+        }
+        request[:serialized_json_body] = serialized_json_body unless serialized_json_body.nil?
+        response = execute(**request)
 
         [response[:data], response[:request_id], response[:headers]]
       end
@@ -90,18 +99,21 @@ module Nylas
       # @param path [String] Destination path for the call.
       # @param query_params [Hash, {}] Query params to pass to the call.
       # @param request_body [Hash, nil] Request body to pass to the call.
+      #   Defaults to {} when nil to ensure Content-Type: application/json is sent.
       # @param headers [Hash, {}] Additional HTTP headers to include in the payload.
       # @return Nylas data object and API Request ID.
-      def put(path:, query_params: {}, request_body: nil, headers: {})
-        response = execute(
+      def put(path:, query_params: {}, request_body: nil, headers: {}, serialized_json_body: nil)
+        request = {
           method: :put,
           path: path,
           query: query_params,
-          payload: request_body,
+          payload: request_body || {},
           headers: headers,
           api_key: api_key,
           timeout: timeout
-        )
+        }
+        request[:serialized_json_body] = serialized_json_body unless serialized_json_body.nil?
+        response = execute(**request)
 
         [response[:data], response[:request_id]]
       end
@@ -117,18 +129,21 @@ module Nylas
       # @param path [String] Destination path for the call.
       # @param query_params [Hash, {}] Query params to pass to the call.
       # @param request_body [Hash, nil] Request body to pass to the call.
+      #   Defaults to {} when nil to ensure Content-Type: application/json is sent.
       # @param headers [Hash, {}] Additional HTTP headers to include in the payload.
       # @return Nylas data object and API Request ID.
-      def patch(path:, query_params: {}, request_body: nil, headers: {})
-        response = execute(
+      def patch(path:, query_params: {}, request_body: nil, headers: {}, serialized_json_body: nil)
+        request = {
           method: :patch,
           path: path,
           query: query_params,
-          payload: request_body,
+          payload: request_body || {},
           headers: headers,
           api_key: api_key,
           timeout: timeout
-        )
+        }
+        request[:serialized_json_body] = serialized_json_body unless serialized_json_body.nil?
+        response = execute(**request)
 
         [response[:data], response[:request_id]]
       end
@@ -143,15 +158,17 @@ module Nylas
       #
       # @param path [String] Destination path for the call.
       # @param query_params [Hash, {}] Query params to pass to the call.
+      # @param request_body [Hash, nil] Optional request body (e.g. cancellation_reason for bookings).
+      #   Defaults to {} to ensure Content-Type: application/json is sent.
       # @param headers [Hash, {}] Additional HTTP headers to include in the payload.
       # @return Nylas data object and API Request ID.
-      def delete(path:, query_params: {}, headers: {})
+      def delete(path:, query_params: {}, request_body: nil, headers: {})
         response = execute(
           method: :delete,
           path: path,
           query: query_params,
           headers: headers,
-          payload: nil,
+          payload: request_body || {},
           api_key: api_key,
           timeout: timeout
         )

data/lib/nylas/handler/http_client.rb

@@ -30,11 +30,14 @@ module Nylas
     # @param query [Hash, {}] Hash of names and values to include in the query section of the URI
     # fragment.
     # @param payload [Hash, nil] Body to send with the request.
+    # @param serialized_json_body [String, nil] Pre-serialized JSON body to send as-is.
     # @param api_key [Hash, nil] API key to send with the request.
     # @return [Object] Parsed JSON response from the API.
-    def execute(method:, path:, timeout:, headers: {}, query: {}, payload: nil, api_key: nil)
+    def execute(method:, path:, timeout:, headers: {}, query: {}, payload: nil, api_key: nil,
+                serialized_json_body: nil)
       request = build_request(method: method, path: path, headers: headers,
-                              query: query, payload: payload, api_key: api_key, timeout: timeout)
+                              query: query, payload: payload, api_key: api_key, timeout: timeout,
+                              serialized_json_body: serialized_json_body)
       begin
         httparty_execute(**request) do |response, _request, result|
           content_type = nil
@@ -91,12 +94,14 @@ module Nylas
     # @param query [Hash, {}] Hash of names and values to include in the query section of the URI
     # fragment.
     # @param payload [Hash, nil] Body to send with the request.
+    # @param serialized_json_body [String, nil] Pre-serialized JSON body to send as-is.
     # @param timeout [Integer, nil] Timeout value to send with the request.
     # @param api_key [Hash, nil] API key to send with the request.
     # @return [Object] The request information after processing. This includes an updated payload
     # and headers.
     def build_request(
-      method:, path: nil, headers: {}, query: {}, payload: nil, timeout: nil, api_key: nil
+      method:, path: nil, headers: {}, query: {}, payload: nil, timeout: nil, api_key: nil,
+      serialized_json_body: nil
     )
       url = build_url(path, query)
       resulting_headers = default_headers.merge(headers).merge(auth_header(api_key))
@@ -104,7 +109,10 @@ module Nylas
       # Check for multipart flag using both string and symbol keys for backwards compatibility
       is_multipart = !payload.nil? && (payload["multipart"] || payload[:multipart])
 
-      if !payload.nil? && !is_multipart
+      if !serialized_json_body.nil?
+        payload = serialized_json_body
+        resulting_headers["Content-type"] = "application/json"
+      elsif !payload.nil? && !is_multipart
         normalize_json_encodings!(payload)
         payload = payload&.to_json
         resulting_headers["Content-type"] = "application/json"
@@ -489,6 +497,8 @@ module Nylas
 
     # Set the authorization header for an API query.
     def auth_header(api_key)
+      return {} if api_key.nil?
+
       { "Authorization" => "Bearer #{api_key}" }
     end
   end

data/lib/nylas/handler/service_account_signer.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require "base64"
+require "json"
+require "openssl"
+require "securerandom"
+
+module Nylas
+  # Builds Nylas Service Account request signing headers for organization admin APIs.
+  #
+  # @see https://developer.nylas.com/docs/v3/auth/nylas-service-account/
+  class ServiceAccountSigner
+    NONCE_ALPHABET = ("a".."z").to_a.concat(("A".."Z").to_a, ("0".."9").to_a).freeze
+    DEFAULT_NONCE_LENGTH = 20
+    SIGNED_BODY_METHODS = %w[post put patch].freeze
+
+    attr_reader :private_key_id
+
+    # @param private_key_pem [String] RSA private key in PEM format.
+    # @param private_key_id [String] Value for the X-Nylas-Kid header.
+    def initialize(private_key_pem:, private_key_id:)
+      @private_key = self.class.load_rsa_private_key(private_key_pem)
+      @private_key_id = private_key_id
+    end
+
+    # Returns deterministic JSON with keys sorted at every object level and no extra whitespace.
+    #
+    # @param data [Hash, Array, String, Numeric, true, false, nil] Data to serialize.
+    # @return [String] Canonical JSON string.
+    def self.canonical_json(data)
+      JSON.generate(canonicalize(data))
+    end
+
+    # Loads an RSA private key from a PEM string.
+    #
+    # @param private_key_pem [String] RSA private key in PEM format.
+    # @return [OpenSSL::PKey::RSA]
+    def self.load_rsa_private_key(private_key_pem)
+      key = OpenSSL::PKey::RSA.new(private_key_pem)
+      raise ArgumentError, "Private key must be RSA private key" unless key.private?
+      raise ArgumentError, "Private key must be at least 2048 bits" if key.n.num_bits < 2048
+
+      key
+    rescue OpenSSL::PKey::PKeyError
+      raise ArgumentError, "Private key must be RSA PEM"
+    end
+
+    # Generates a cryptographically secure alphanumeric nonce.
+    #
+    # @param length [Integer] Length of the nonce to generate.
+    # @return [String] Generated nonce.
+    def self.generate_nonce(length = DEFAULT_NONCE_LENGTH)
+      Array.new(length) { NONCE_ALPHABET[SecureRandom.random_number(NONCE_ALPHABET.length)] }.join
+    end
+
+    # Builds signed headers and, for JSON body methods, the exact canonical body to send.
+    #
+    # @param method [String, Symbol] HTTP method.
+    # @param path [String] Relative request path, for example "/v3/admin/domains".
+    # @param body [Hash, nil] Request body for POST/PUT/PATCH requests.
+    # @param timestamp [Integer, nil] Optional Unix timestamp in seconds, mainly for tests.
+    # @param nonce [String, nil] Optional nonce, mainly for tests.
+    # @return [Array(Hash, String)] Signed headers and optional serialized JSON body.
+    def build_headers(method:, path:, body: nil, timestamp: nil, nonce: nil)
+      timestamp ||= Time.now.to_i
+      nonce ||= self.class.generate_nonce
+      method_value = method.to_s.downcase
+      serialized_body = nil
+
+      if SIGNED_BODY_METHODS.include?(method_value) && !body.nil?
+        serialized_body = self.class.canonical_json(body)
+      end
+
+      envelope = {
+        method: method_value,
+        nonce: nonce,
+        path: path,
+        timestamp: timestamp
+      }
+      envelope[:payload] = serialized_body if serialized_body
+
+      signature = @private_key.sign(OpenSSL::Digest.new("SHA256"), self.class.canonical_json(envelope))
+
+      [
+        {
+          "X-Nylas-Kid" => private_key_id,
+          "X-Nylas-Nonce" => nonce,
+          "X-Nylas-Timestamp" => timestamp.to_s,
+          "X-Nylas-Signature" => Base64.strict_encode64(signature)
+        },
+        serialized_body
+      ]
+    end
+
+    class << self
+      private
+
+      def canonicalize(value)
+        case value
+        when Hash
+          value.keys.sort_by(&:to_s).each_with_object({}) do |key, result|
+            result[key.to_s] = canonicalize(value[key])
+          end
+        when Array
+          value.map { |item| canonicalize(item) }
+        else
+          value
+        end
+      end
+    end
+  end
+end

data/lib/nylas/resources/applications.rb

@@ -8,6 +8,7 @@ module Nylas
   # Application
   class Applications < Resource
     include ApiOperations::Get
+    include ApiOperations::Patch
 
     attr_reader :redirect_uris
 
@@ -23,5 +24,18 @@ module Nylas
     def get_details
       get(path: "#{api_uri}/v3/applications")
     end
+
+    # Update application details.
+    #
+    # @param request_body [Hash] The values to update the application with. Include
+    #   +callback_uris+ entries with +id+ when preserving or updating existing
+    #   callback URIs.
+    # @return [Array(Hash, String)] The updated application details and API Request ID.
+    def update(request_body:)
+      patch(
+        path: "#{api_uri}/v3/applications",
+        request_body: request_body
+      )
+    end
   end
 end

data/lib/nylas/resources/bookings.rb

@@ -64,11 +64,13 @@ module Nylas
     # Delete a booking.
     # @param booking_id [String] The id of the booking to delete.
     # @param query_params [Hash, nil] Query params to pass to the request.
+    # @param request_body [Hash, nil] Optional body params (e.g. cancellation_reason).
     # @return [Array(TrueClass, String)] True and the API Request ID for the delete operation.
-    def destroy(booking_id:, query_params: nil)
+    def destroy(booking_id:, query_params: nil, request_body: nil)
       _, request_id = delete(
         path: "#{api_uri}/v3/scheduling/bookings/#{booking_id}",
-        query_params: query_params
+        query_params: query_params,
+        request_body: request_body
       )
 
       [true, request_id]

data/lib/nylas/resources/domains.rb

@@ -0,0 +1,269 @@
+# frozen_string_literal: true
+
+require_relative "resource"
+require_relative "../handler/api_operations"
+require_relative "../handler/service_account_signer"
+require "uri"
+
+module Nylas
+  # Module representing the possible 'type' values in a domain verification request.
+  # @see https://developer.nylas.com/docs/reference/api/manage-domains/
+  module DomainVerificationRequestType
+    OWNERSHIP = "ownership"
+    MX = "mx"
+    SPF = "spf"
+    DKIM = "dkim"
+    FEEDBACK = "feedback"
+  end
+
+  # Module representing the possible 'type' values in a domain verification result.
+  # @see https://developer.nylas.com/docs/reference/api/manage-domains/
+  module DomainVerificationType
+    OWNERSHIP = DomainVerificationRequestType::OWNERSHIP
+    MX = DomainVerificationRequestType::MX
+    SPF = DomainVerificationRequestType::SPF
+    DKIM = DomainVerificationRequestType::DKIM
+    FEEDBACK = DomainVerificationRequestType::FEEDBACK
+    DMARC = "dmarc"
+    ARC = "arc"
+  end
+
+  # Module representing the possible 'status' values in a domain verification result.
+  module DomainVerificationStatus
+    PENDING = "pending"
+    DONE = "done"
+    FAILED = "failed"
+  end
+
+  # Nylas Manage Domains API
+  #
+  # These endpoints require Nylas Service Account request signing. Pass headers
+  # containing `X-Nylas-Kid`, `X-Nylas-Timestamp`, `X-Nylas-Nonce`, and
+  # `X-Nylas-Signature` generated for the exact request being sent.
+  class Domains < Resource
+    include ApiOperations::Get
+    include ApiOperations::Post
+    include ApiOperations::Put
+    include ApiOperations::Delete
+
+    REQUIRED_SERVICE_ACCOUNT_HEADERS = %w[
+      X-Nylas-Kid
+      X-Nylas-Timestamp
+      X-Nylas-Nonce
+      X-Nylas-Signature
+    ].freeze
+    DOMAINS_PATH = "/v3/admin/domains"
+
+    # Return all domains for the caller's organization.
+    #
+    # @param query_params [Hash, nil] Query params to pass to the request.
+    #   Supported keys: `limit`, `page_token`.
+    # @param headers [Hash, nil] Nylas Service Account request signing headers.
+    # @param signer [ServiceAccountSigner, nil] Signer to generate Nylas Service Account headers.
+    # @return [Array(Array(Hash), String, String, Hash)]
+    #   The list of domains, API Request ID, next cursor, and response headers.
+    def list(headers: nil, query_params: nil, signer: nil)
+      request_headers, = signed_request_headers(method: :get, relative_path: DOMAINS_PATH,
+                                                headers: headers, signer: signer)
+
+      get_list(
+        path: full_path(DOMAINS_PATH),
+        query_params: query_params,
+        headers: request_headers
+      )
+    end
+
+    # Return a domain.
+    #
+    # @param domain_id [String] The identifier of the domain to return.
+    #   Accepts either a UUID or a domain address (FQDN/email format).
+    # @param headers [Hash, nil] Nylas Service Account request signing headers.
+    # @param signer [ServiceAccountSigner, nil] Signer to generate Nylas Service Account headers.
+    # @return [Array(Hash, String, Hash)] The domain, API request ID, and response headers.
+    def find(domain_id:, headers: nil, signer: nil)
+      relative_path = "#{DOMAINS_PATH}/#{encoded_domain_id(domain_id)}"
+      request_headers, = signed_request_headers(method: :get, relative_path: relative_path,
+                                                headers: headers, signer: signer)
+
+      get(
+        path: full_path(relative_path),
+        headers: request_headers
+      )
+    end
+
+    # Create a domain.
+    #
+    # @param request_body [Hash] The values to create the domain with.
+    #   Requires `name` and `domain_address`.
+    # @param headers [Hash, nil] Nylas Service Account request signing headers.
+    # @param signer [ServiceAccountSigner, nil] Signer to generate Nylas Service Account headers.
+    # @return [Array(Hash, String, Hash)] The created domain, API Request ID, and response headers.
+    def create(request_body:, headers: nil, signer: nil)
+      request_headers, serialized_body = signed_request_headers(
+        method: :post,
+        relative_path: DOMAINS_PATH,
+        body: request_body,
+        headers: headers,
+        signer: signer
+      )
+
+      request = {
+        path: full_path(DOMAINS_PATH),
+        request_body: serialized_body.nil? ? request_body : nil,
+        headers: request_headers
+      }
+      request[:serialized_json_body] = serialized_body unless serialized_body.nil?
+      post(**request)
+    end
+
+    # Update a domain.
+    #
+    # @param domain_id [String] The identifier of the domain to update.
+    #   Accepts either a UUID or a domain address (FQDN/email format).
+    # @param request_body [Hash] The values to update the domain with.
+    #   The response echoes only the updated fields, not a full domain object.
+    # @param headers [Hash, nil] Nylas Service Account request signing headers.
+    # @param signer [ServiceAccountSigner, nil] Signer to generate Nylas Service Account headers.
+    # @return [Array(Hash, String)] The updated domain fields and API Request ID.
+    def update(domain_id:, request_body:, headers: nil, signer: nil)
+      relative_path = "#{DOMAINS_PATH}/#{encoded_domain_id(domain_id)}"
+      request_headers, serialized_body = signed_request_headers(
+        method: :put,
+        relative_path: relative_path,
+        body: request_body,
+        headers: headers,
+        signer: signer
+      )
+
+      request = {
+        path: full_path(relative_path),
+        request_body: serialized_body.nil? ? request_body : nil,
+        headers: request_headers
+      }
+      request[:serialized_json_body] = serialized_body unless serialized_body.nil?
+      put(**request)
+    end
+
+    # Delete a domain.
+    #
+    # @param domain_id [String] The identifier of the domain to delete.
+    #   Accepts either a UUID or a domain address (FQDN/email format).
+    # @param headers [Hash, nil] Nylas Service Account request signing headers.
+    # @param signer [ServiceAccountSigner, nil] Signer to generate Nylas Service Account headers.
+    # @return [Array(TrueClass, String)] True and the API Request ID for the delete operation.
+    def destroy(domain_id:, headers: nil, signer: nil)
+      relative_path = "#{DOMAINS_PATH}/#{encoded_domain_id(domain_id)}"
+      request_headers, = signed_request_headers(method: :delete, relative_path: relative_path,
+                                                headers: headers, signer: signer)
+
+      _, request_id = delete(
+        path: full_path(relative_path),
+        headers: request_headers
+      )
+
+      [true, request_id]
+    end
+
+    # Get the DNS record info for a domain verification type.
+    #
+    # @param domain_id [String] The identifier of the domain.
+    #   Accepts either a UUID or a domain address (FQDN/email format).
+    # @param request_body [Hash] The verification attempt values. Requires `type`.
+    # @param headers [Hash, nil] Nylas Service Account request signing headers.
+    # @param signer [ServiceAccountSigner, nil] Signer to generate Nylas Service Account headers.
+    # @return [Array(Hash, String, Hash)]
+    #   The domain verification result, API Request ID, and response headers.
+    def info(domain_id:, request_body:, headers: nil, signer: nil)
+      relative_path = "#{DOMAINS_PATH}/#{encoded_domain_id(domain_id)}/info"
+      request_headers, serialized_body = signed_request_headers(
+        method: :post,
+        relative_path: relative_path,
+        body: request_body,
+        headers: headers,
+        signer: signer
+      )
+
+      request = {
+        path: full_path(relative_path),
+        request_body: serialized_body.nil? ? request_body : nil,
+        headers: request_headers
+      }
+      request[:serialized_json_body] = serialized_body unless serialized_body.nil?
+      post(**request)
+    end
+
+    # Trigger a DNS verification check for a domain verification type.
+    #
+    # @param domain_id [String] The identifier of the domain.
+    #   Accepts either a UUID or a domain address (FQDN/email format).
+    # @param request_body [Hash] The verification attempt values. Requires `type`.
+    # @param headers [Hash, nil] Nylas Service Account request signing headers.
+    # @param signer [ServiceAccountSigner, nil] Signer to generate Nylas Service Account headers.
+    # @return [Array(Hash, String, Hash)]
+    #   The domain verification result, API Request ID, and response headers.
+    def verify(domain_id:, request_body:, headers: nil, signer: nil)
+      relative_path = "#{DOMAINS_PATH}/#{encoded_domain_id(domain_id)}/verify"
+      request_headers, serialized_body = signed_request_headers(
+        method: :post,
+        relative_path: relative_path,
+        body: request_body,
+        headers: headers,
+        signer: signer
+      )
+
+      request = {
+        path: full_path(relative_path),
+        request_body: serialized_body.nil? ? request_body : nil,
+        headers: request_headers
+      }
+      request[:serialized_json_body] = serialized_body unless serialized_body.nil?
+      post(**request)
+    end
+
+    private
+
+    # Manage Domains uses Nylas Service Account signing headers instead of API-key bearer auth.
+    def api_key
+      nil
+    end
+
+    def full_path(relative_path)
+      "#{api_uri}#{relative_path}"
+    end
+
+    def encoded_domain_id(domain_id)
+      URI.encode_www_form_component(domain_id)
+    end
+
+    def signed_request_headers(method:, relative_path:, headers:, signer:, body: nil)
+      request_headers = headers.nil? ? {} : headers.dup
+      serialized_body = body.nil? ? nil : Nylas::ServiceAccountSigner.canonical_json(body)
+      if signer
+        signer_headers, serialized_body = signer.build_headers(
+          method: method,
+          path: relative_path,
+          body: body
+        )
+        request_headers.merge!(signer_headers)
+      end
+
+      validate_service_account_headers!(request_headers)
+      [request_headers, serialized_body]
+    end
+
+    def validate_service_account_headers!(headers)
+      header_values = headers || {}
+      normalized_headers = header_values.transform_keys do |key|
+        key.to_s.downcase
+      end
+      missing_headers = REQUIRED_SERVICE_ACCOUNT_HEADERS.select do |header|
+        normalized_headers[header.downcase].to_s.empty?
+      end
+
+      return if missing_headers.empty?
+
+      raise ArgumentError,
+            "Missing required service account authentication headers: #{missing_headers.join(', ')}"
+    end
+  end
+end

data/lib/nylas/resources/lists.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative "resource"
+require_relative "../handler/api_operations"
+
+module Nylas
+  # Module representing the possible 'type' values for a List.
+  module ListType
+    DOMAIN = "domain"
+    TLD = "tld"
+    ADDRESS = "address"
+  end
+
+  # Nylas Lists API
+  #
+  # Lists are typed collections of domains, TLDs, or email addresses that can
+  # be referenced by Rules using the +in_list+ condition operator.
+  class Lists < Resource
+    include ApiOperations::Post
+
+    # Create a list for the application.
+    #
+    # @param request_body [Hash] The public values to create the list with.
+    #   Supported keys: +name+ (required, 1-256 chars), +type+ (required; one of
+    #   +domain+, +tld+, or +address+), and +description+ (optional). The server
+    #   assigns identifiers, item counts, timestamps, and application ownership.
+    # @return [Array(Hash, String, Hash)] The created list, API Request ID, and
+    #   response headers.
+    def create(request_body:)
+      post(
+        path: "#{api_uri}/v3/lists",
+        request_body: request_body
+      )
+    end
+  end
+end

data/lib/nylas/resources/policies.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+require_relative "resource"
+require_relative "../handler/api_operations"
+
+module Nylas
+  # Nylas Policies API (beta)
+  #
+  # Policies define message limits, spam-detection settings, options, and linked
+  # rules for Nylas Agent Accounts. `application_id` and `organization_id` are
+  # derived from the API key / gateway headers and are read-only.
+  #
+  # Policy objects (the Hash returned/accepted by these methods) carry these keys:
+  # - +id+ [String] Policy UUID. Read-only; server-assigned on create.
+  # - +name+ [String] 1-256 chars. Required on create.
+  # - +application_id+ [String] Read-only; derived from the API key.
+  # - +organization_id+ [String] Read-only; derived from the API key.
+  # - +rules+ [Array<String>] Linked rule IDs.
+  # - +created_at+ [Integer] Unix timestamp (seconds). Read-only.
+  # - +updated_at+ [Integer] Unix timestamp (seconds). Read-only.
+  # - +limits+ [Hash] Per-policy limits. Returned as *effective* values resolved
+  #   against the org's billing plan, which may differ from what was sent. Keys:
+  #   - +limit_attachment_size_limit+ [Integer] Bytes; >= 0, <= plan max.
+  #   - +limit_attachment_count_limit+ [Integer] >= 0, <= plan max.
+  #   - +limit_attachment_allowed_types+ [Array<String>] MIME types from the plan allow-list.
+  #   - +limit_size_total_mime+ [Integer] Bytes; >= 0, <= plan max.
+  #   - +limit_storage_total+ [Integer] Bytes. Unlimited-capable: -1 = unlimited.
+  #   - +limit_count_daily_message_received+ [Integer] Per-grant daily received-message
+  #     cap. Unlimited-capable: -1 = unlimited.
+  #   - +limit_count_daily_email_sent+ [Integer] Per-grant daily sent-email cap.
+  #     Unlimited-capable: -1 = unlimited.
+  #   - +limit_inbox_retention_period+ [Integer] Days. Unlimited-capable: -1. Must be
+  #     greater than spam retention when both set.
+  #   - +limit_spam_retention_period+ [Integer] Days. Unlimited-capable: -1. Must be
+  #     shorter than inbox retention when both set.
+  # - +options+ [Hash] Policy options. Keys:
+  #   - +additional_folders+ [Array<String>] Only allowed when the plan permits.
+  #   - +use_cidr_aliasing+ [Boolean] Only allowed when the plan permits.
+  # - +spam_detection+ [Hash] Spam-detection settings. Keys:
+  #   - +use_list_dnsbl+ [Boolean] Always present in responses (false when unset).
+  #   - +use_header_anomaly_detection+ [Boolean] Always present in responses (false when unset).
+  #   - +spam_sensitivity+ [Float] 0.1-5.0 inclusive. Default 1.0.
+  #
+  # The unlimited sentinel for unlimited-capable fields is -1 only; values < -1 are
+  # rejected, and -1 is honored only when the plan permits unlimited for that field.
+  class Policies < Resource
+    include ApiOperations::Get
+    include ApiOperations::Post
+    include ApiOperations::Put
+    include ApiOperations::Delete
+
+    # Return all policies.
+    #
+    # The list envelope is flat: the data array is the policies themselves and
+    # +next_cursor+ is a top-level sibling. +next_cursor+ is present on every
+    # non-empty page (including the last) and is not a has-more flag; page until
+    # an empty data array is returned.
+    #
+    # @param query_params [Hash, nil] Query params to pass to the request
+    #   (e.g. +limit+ — default 10, no server max; +page_token+ — opaque cursor).
+    # @return [Array(Array(Hash), String, String, Hash)] The list of policies,
+    #   API Request ID, next cursor, and response headers.
+    def list(query_params: nil)
+      get_list(
+        path: "#{api_uri}/v3/policies",
+        query_params: query_params
+      )
+    end
+
+    # Return a policy.
+    #
+    # @param policy_id [String] The id of the policy to return.
+    # @return [Array(Hash, String, Hash)] The policy, API request ID, and response headers.
+    def find(policy_id:)
+      get(
+        path: "#{api_uri}/v3/policies/#{policy_id}"
+      )
+    end
+
+    # Create a policy.
+    #
+    # @param request_body [Hash] The values to create the policy with. Honored keys:
+    #   +name+ (required), +options+, +limits+, +rules+, +spam_detection+. Any
+    #   +id+/+created_at+/+updated_at+/+application_id+/+organization_id+ are ignored.
+    #   Omitted +limits+/+options+/+spam_detection+ sub-fields fall back to plan defaults.
+    # @return [Array(Hash, String, Hash)] The created policy, API Request ID, and response headers.
+    def create(request_body:)
+      post(
+        path: "#{api_uri}/v3/policies",
+        request_body: request_body
+      )
+    end
+
+    # Update a policy.
+    #
+    # The route verb is PUT, but the update is a partial nested merge: provided
+    # sub-objects (+limits+/+options+/+spam_detection+) are merged field-by-field
+    # onto the stored policy. Send only the fields you intend to change.
+    #
+    # @param policy_id [String] The id of the policy to update.
+    # @param request_body [Hash] The values to update the policy with. Honored keys:
+    #   +name+, +options+, +limits+, +rules+, +spam_detection+. Any
+    #   +id+/+created_at+/+updated_at+/+application_id+/+organization_id+ are ignored.
+    # @return [Array(Hash, String)] The updated policy and API Request ID.
+    def update(policy_id:, request_body:)
+      put(
+        path: "#{api_uri}/v3/policies/#{policy_id}",
+        request_body: request_body
+      )
+    end
+
+    # Delete a policy.
+    #
+    # @param policy_id [String] The id of the policy to delete.
+    # @return [Array(TrueClass, String)] True and the API Request ID for the delete operation.
+    def destroy(policy_id:)
+      _, request_id = delete(
+        path: "#{api_uri}/v3/policies/#{policy_id}"
+      )
+
+      [true, request_id]
+    end
+  end
+end

data/lib/nylas/resources/redirect_uris.rb

@@ -8,7 +8,7 @@ module Nylas
   class RedirectUris < Resource
     include ApiOperations::Get
     include ApiOperations::Post
-    include ApiOperations::Put
+    include ApiOperations::Patch
     include ApiOperations::Delete
 
     # Return all redirect uris.
@@ -47,7 +47,7 @@ module Nylas
     # @param request_body [Hash] The values to update the redirect uri with
     # @return [Array(Hash, String)] The updated redirect uri and API Request ID.
     def update(redirect_uri_id:, request_body:)
-      put(
+      patch(
         path: "#{api_uri}/v3/applications/redirect-uris/#{redirect_uri_id}",
         request_body: request_body
       )

data/lib/nylas/resources/rules.rb

@@ -0,0 +1,161 @@
+# frozen_string_literal: true
+
+require_relative "resource"
+require_relative "../handler/api_operations"
+
+module Nylas
+  # Module representing the possible 'trigger' values for a Rule.
+  module RuleTrigger
+    INBOUND = "inbound"
+    OUTBOUND = "outbound"
+  end
+
+  # Module representing the possible 'match.operator' values for a Rule.
+  module RuleMatchOperator
+    ANY = "any"
+    ALL = "all"
+  end
+
+  # Module representing the possible condition 'field' values for a Rule.
+  module RuleConditionField
+    FROM_ADDRESS = "from.address"
+    FROM_DOMAIN = "from.domain"
+    FROM_TLD = "from.tld"
+    RECIPIENT_ADDRESS = "recipient.address"
+    RECIPIENT_DOMAIN = "recipient.domain"
+    RECIPIENT_TLD = "recipient.tld"
+    OUTBOUND_TYPE = "outbound.type"
+  end
+
+  # Module representing the possible condition 'operator' values for a Rule.
+  module RuleConditionOperator
+    IS = "is"
+    IS_NOT = "is_not"
+    CONTAINS = "contains"
+    IN_LIST = "in_list"
+  end
+
+  # Module representing the possible 'outbound.type' condition values for a Rule.
+  module RuleOutboundType
+    COMPOSE = "compose"
+    REPLY = "reply"
+  end
+
+  # Module representing the possible action 'type' values for a Rule.
+  module RuleActionType
+    BLOCK = "block"
+    MARK_AS_SPAM = "mark_as_spam"
+    ASSIGN_TO_FOLDER = "assign_to_folder"
+    MARK_AS_READ = "mark_as_read"
+    MARK_AS_STARRED = "mark_as_starred"
+    ARCHIVE = "archive"
+    TRASH = "trash"
+  end
+
+  # Module representing the possible 'evaluation_stage' values in a rule evaluation.
+  module RuleEvaluationStage
+    SMTP_RCPT = "smtp_rcpt"
+    INBOX_PROCESSING = "inbox_processing"
+    OUTBOUND_SEND = "outbound_send"
+  end
+
+  # Nylas Rules API
+  class Rules < Resource
+    include ApiOperations::Get
+    include ApiOperations::Post
+    include ApiOperations::Put
+    include ApiOperations::Delete
+
+    # Return all rules.
+    #
+    # The list endpoint returns a nested envelope
+    # ({ request_id, data: { items: [...], next_cursor } }), so the items and
+    # cursor are unwrapped here defensively rather than via the standard
+    # get_list helper, which would mis-read the nested shape.
+    #
+    # @param query_params [Hash, nil] Query params to pass to the request.
+    # @return [Array(Array(Hash), String, String, Hash)]
+    #   The list of rules, API Request ID, next cursor, and response headers.
+    def list(query_params: nil)
+      response = get_raw(
+        path: "#{api_uri}/v3/rules",
+        query_params: query_params
+      )
+
+      data = response[:data]
+      # Unwrap only when the envelope actually carries an :items key. Go's
+      # ListWithCursorResult serializes a nil slice as "items": null, so coerce
+      # that to [] rather than falling back to the envelope hash itself.
+      items = if data.is_a?(Hash) && data.key?(:items)
+                data[:items] || []
+              else
+                data
+              end
+      next_cursor = data.is_a?(Hash) ? data[:next_cursor] : response[:next_cursor]
+
+      [items, response[:request_id], next_cursor, response[:headers]]
+    end
+
+    # Return a rule.
+    #
+    # @param rule_id [String] The id of the rule to return.
+    # @return [Array(Hash, String, Hash)] The rule, API request ID, and response headers.
+    def find(rule_id:)
+      get(
+        path: "#{api_uri}/v3/rules/#{rule_id}"
+      )
+    end
+
+    # Create a rule.
+    #
+    # @param request_body [Hash] The values to create the rule with.
+    # @return [Array(Hash, String)] The created rule and API Request ID.
+    def create(request_body:)
+      post(
+        path: "#{api_uri}/v3/rules",
+        request_body: request_body
+      )
+    end
+
+    # Update a rule. Only the provided fields are changed (partial update).
+    #
+    # @param rule_id [String] The id of the rule to update.
+    # @param request_body [Hash] The values to update the rule with.
+    # @return [Array(Hash, String)] The updated rule and API Request ID.
+    def update(rule_id:, request_body:)
+      put(
+        path: "#{api_uri}/v3/rules/#{rule_id}",
+        request_body: request_body
+      )
+    end
+
+    # Delete a rule.
+    #
+    # @param rule_id [String] The id of the rule to delete.
+    # @return [Array(TrueClass, String)] True and the API Request ID for the delete operation.
+    def destroy(rule_id:)
+      _, request_id = delete(
+        path: "#{api_uri}/v3/rules/#{rule_id}"
+      )
+
+      [true, request_id]
+    end
+
+    # Return all rule evaluations for a grant.
+    #
+    # This endpoint returns a flat array with no cursor, so the standard
+    # get_list helper is used (next_cursor is always nil).
+    #
+    # @param grant_id [String] The id of the grant to query rule evaluations for.
+    # @param query_params [Hash, nil] Query params to pass to the request.
+    # @return [Array(Array(Hash), String, String, Hash)]
+    #   The list of rule evaluations, API Request ID, next cursor (always nil
+    #   for this endpoint), and response headers.
+    def list_evaluations(grant_id:, query_params: nil)
+      get_list(
+        path: "#{api_uri}/v3/grants/#{grant_id}/rule-evaluations",
+        query_params: query_params
+      )
+    end
+  end
+end

data/lib/nylas/resources/workspaces.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+require_relative "resource"
+require_relative "../handler/api_operations"
+
+module Nylas
+  # Nylas Workspaces API
+  #
+  # A workspace groups grants in a Nylas application by email domain. Grants can be
+  # auto-grouped (by matching email domain) or manually assigned/removed.
+  class Workspaces < Resource
+    include ApiOperations::Get
+    include ApiOperations::Post
+    include ApiOperations::Patch
+    include ApiOperations::Delete
+
+    # Return all workspaces for the application.
+    #
+    # The list endpoint is not paginated; +data+ is a flat array of workspaces.
+    #
+    # @return [Array(Array(Hash), String, Hash)] The list of workspaces, API Request ID,
+    #   and response headers.
+    def list
+      get(
+        path: "#{api_uri}/v3/workspaces"
+      )
+    end
+
+    # Return a workspace.
+    #
+    # @param workspace_id [String] The id of the workspace to return. Accepts a workspace
+    #   UUID or an email domain.
+    # @return [Array(Hash, String, Hash)] The workspace, API Request ID, and response headers.
+    def find(workspace_id:)
+      get(
+        path: "#{api_uri}/v3/workspaces/#{workspace_id}"
+      )
+    end
+
+    # Create a workspace.
+    #
+    # @param request_body [Hash] The values to create the workspace with. Only +name+ is
+    #   required.
+    # @return [Array(Hash, String, Hash)] The created workspace, API Request ID, and
+    #   response headers.
+    def create(request_body:)
+      post(
+        path: "#{api_uri}/v3/workspaces",
+        request_body: request_body
+      )
+    end
+
+    # Update a workspace.
+    #
+    # The API exposes update via PATCH only (there is no PUT route). The workspace must be
+    # addressed by its UUID; a domain path param is not accepted on update.
+    #
+    # @param workspace_id [String] The UUID of the workspace to update.
+    # @param request_body [Hash] The values to update the workspace with.
+    # @return [Array(Hash, String)] The updated workspace and API Request ID.
+    def update(workspace_id:, request_body:)
+      patch(
+        path: "#{api_uri}/v3/workspaces/#{workspace_id}",
+        request_body: request_body
+      )
+    end
+
+    # Delete a workspace.
+    #
+    # @param workspace_id [String] The id of the workspace to delete. Accepts a workspace
+    #   UUID or an email domain.
+    # @return [Array(TrueClass, String)] True and the API Request ID for the delete operation.
+    def destroy(workspace_id:)
+      _, request_id = delete(
+        path: "#{api_uri}/v3/workspaces/#{workspace_id}"
+      )
+
+      [true, request_id]
+    end
+
+    # Auto-group grants into workspaces by matching email domain.
+    #
+    # Runs as a background job and returns immediately with a job ID. Rate limited to one
+    # call per minute per application.
+    #
+    # @param request_body [Hash] Optional filters to scope which grants are grouped,
+    #   including +after_created_at+, +invalid_also+, and +specific_domain+.
+    # @return [Array(Hash, String, Hash)] The job info, API Request ID, and response headers.
+    def auto_group(request_body: nil)
+      post(
+        path: "#{api_uri}/v3/workspaces/auto-group",
+        request_body: request_body
+      )
+    end
+
+    # Manually assign grants to or remove grants from a workspace.
+    #
+    # @param workspace_id [String] The id of the workspace to update. Accepts a workspace
+    #   UUID or an email domain.
+    # @param request_body [Hash] The grants to assign and/or remove (+assign_grants+,
+    #   +remove_grants+).
+    # @return [Array(Hash, String, Hash)] The assignment result, API Request ID, and
+    #   response headers.
+    def manual_assign(workspace_id:, request_body:)
+      post(
+        path: "#{api_uri}/v3/workspaces/#{workspace_id}/manual-assign",
+        request_body: request_body
+      )
+    end
+  end
+end

data/lib/nylas/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Nylas
-  VERSION = "6.7.1"
+  VERSION = "6.8.0"
 end

data/lib/nylas.rb

@@ -12,6 +12,7 @@ require_relative "nylas/client"
 require_relative "nylas/config"
 
 require_relative "nylas/handler/http_client"
+require_relative "nylas/handler/service_account_signer"
 
 require_relative "nylas/resources/applications"
 require_relative "nylas/resources/attachments"
@@ -24,11 +25,16 @@ require_relative "nylas/resources/drafts"
 require_relative "nylas/resources/events"
 require_relative "nylas/resources/folders"
 require_relative "nylas/resources/grants"
+require_relative "nylas/resources/lists"
 require_relative "nylas/resources/messages"
 require_relative "nylas/resources/notetakers"
 require_relative "nylas/resources/smart_compose"
 require_relative "nylas/resources/threads"
 require_relative "nylas/resources/redirect_uris"
+require_relative "nylas/resources/policies"
+require_relative "nylas/resources/rules"
+require_relative "nylas/resources/workspaces"
+require_relative "nylas/resources/domains"
 require_relative "nylas/resources/webhooks"
 require_relative "nylas/resources/scheduler"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nylas
 version: !ruby/object:Gem::Version
-  version: 6.7.1
+  version: 6.8.0
 platform: ruby
 authors:
 - Nylas, Inc.
@@ -283,6 +283,7 @@ files:
 - lib/nylas/errors.rb
 - lib/nylas/handler/api_operations.rb
 - lib/nylas/handler/http_client.rb
+- lib/nylas/handler/service_account_signer.rb
 - lib/nylas/resources/applications.rb
 - lib/nylas/resources/attachments.rb
 - lib/nylas/resources/auth.rb
@@ -293,19 +294,24 @@ files:
 - lib/nylas/resources/connectors.rb
 - lib/nylas/resources/contacts.rb
 - lib/nylas/resources/credentials.rb
+- lib/nylas/resources/domains.rb
 - lib/nylas/resources/drafts.rb
 - lib/nylas/resources/events.rb
 - lib/nylas/resources/folders.rb
 - lib/nylas/resources/grants.rb
+- lib/nylas/resources/lists.rb
 - lib/nylas/resources/messages.rb
 - lib/nylas/resources/notetakers.rb
+- lib/nylas/resources/policies.rb
 - lib/nylas/resources/redirect_uris.rb
 - lib/nylas/resources/resource.rb
+- lib/nylas/resources/rules.rb
 - lib/nylas/resources/scheduler.rb
 - lib/nylas/resources/sessions.rb
 - lib/nylas/resources/smart_compose.rb
 - lib/nylas/resources/threads.rb
 - lib/nylas/resources/webhooks.rb
+- lib/nylas/resources/workspaces.rb
 - lib/nylas/utils/file_utils.rb
 - lib/nylas/version.rb
 licenses: