For developers

Ship an AI agent with real email in 15 minutes.

One MCP endpoint for email, calendar, and contacts. OAuth 2.1, device code, and human approval — all built in. Skip the months of plumbing.

MCP-nativeOAuth 2.1 + PKCEDevice code flowHuman approval engineAudit trailFree tier

Get free API key Read 3-step quickstartNo credit card

Quick start

Three steps. Under 15 minutes.

Create an account

Connect your email or create a free agent inbox on nylas.email.

Connect email →

Generate an API key

Go to Deploy and create a REST API key. You'll get a key starting with nyi_.

Get started →

Make your first call

curl -s https://api.helix.nylas.com/api/v1/email/threads \
  -H "Authorization: Bearer nyi_YOUR_KEY" | head -c 500

MCP endpoint

One URL. Every AI tool.

Point Claude, ChatGPT, Cursor, or any MCP-compatible client at this endpoint. OAuth 2.1 handles auth automatically.

MCP Endpoint https://api.helix.nylas.com/mcp
Discovery https://api.helix.nylas.com/.well-known/mcp.json
OAuth Metadata https://api.helix.nylas.com/.well-known/oauth-protected-resource

Claude Code

claude mcp add helix \
  --transport sse \
  "https://api.helix.nylas.com/mcp"

Cursor

// .cursor/mcp.json
{
  "mcpServers": {
    "helix": {
      "url": "https://api.helix.nylas.com/mcp"
    }
  }
}

VS Code

// .vscode/settings.json
{
  "mcp.servers": {
    "helix": {
      "url": "https://api.helix.nylas.com/mcp"
    }
  }
}

n8n (REST)

GET https://api.helix.nylas.com/api/v1/email/threads
Authorization: Bearer nyi_YOUR_KEY

MCP tools

10 tools. Email, calendar, contacts, identity.

Every tool respects the user's approval policy. Mutating actions (send, create) return pending_approval when the user requires human review.

email_searchemail.read

Search emails by query, sender, date range, or unread status

params: query?, from?, to?, subject?, after?, before?, unread?, limit?

email_reademail.read

Read full body and metadata of a message by ID

params: message_id

email_sendemail.send

Compose and send email (subject to approval policy)

params: to[], subject, body, reply_to_message_id?

email_replyemail.send

Reply to a thread matching the user's communication style

params: thread_id, body

calendar_eventscalendar.read

List calendar events within a date range

params: start?, end?, calendar_id?, limit?

calendar_event_createcalendar.write

Create a calendar event (subject to approval policy)

params: title, start_time, end_time, description?, participants?

calendar_availabilitycalendar.read

Check free/busy times across people for scheduling

params: emails[], start, end, duration_minutes?

contact_searchcontacts.read

Search contacts by name, email, or company

params: query, limit?

identity_get_contextidentity.read

Get the user's communication style, preferences, and timezone

params: (none)

meta_whoamiidentity.read

Get authenticated user info, granted scopes, and rate limit status

params: (none)

REST API

Prefer HTTP? Use the REST endpoints directly.

GET/api/v1/email/threadsList email threads

GET/api/v1/email/threads/:threadIdGet thread detail

GET/api/v1/email/messages/:messageIdRead full message

POST/api/v1/email/sendSend email (approval-gated)

GET/api/v1/calendar/eventsList calendar events

POST/api/v1/calendar/eventsCreate event (approval-gated)

GET/api/v1/contactsSearch contacts

GET/api/v1/identityGet identity config

GET/api/v1/identity/pending-actionsList pending approvals

POST/api/v1/identity/pending-actions/:id/approveApprove action

Skip the boilerplate

What Helix saves you from.

Most of the work in shipping an agent that acts as a user is identity plumbing. Helix already did it.

No Google verification queue

Restricted Gmail scopes normally require a 2-to-8-week Google verification and a third-party CASA audit. Helix runs on a finalised Nylas application — your users see a verified consent screen on day one.

No silent refresh-token death

Unverified Google apps invalidate refresh tokens after seven days. Helix uses production Nylas v3 token management; refresh, rotation, and revocation are handled out of band.

No Dynamic Client Registration fights

The MCP OAuth 2.1 draft expects DCR, which most identity providers do not implement. Helix exposes a compliant remote MCP endpoint so your client never sees the mismatch.

No abandoned-server risk

Audits of the public MCP registry put the abandonment rate above fifty percent. The Helix MCP server is hosted, signed, and versioned through Changesets on the only public package in this repo.

No bespoke audit trail

Native MCP logging is built for debugging, not evidence. Helix records every send, calendar write, and approval decision with identity, approver, and matched-rule fields — exportable for SOC 2 review.

No per-user OAuth app

Multi-tenant identity is the open wound in MCP. Each Helix identity has its own sponsor, tokens, scopes, and approval rules — bound to the agent, not to the client.

Why Helix

Not just email. An identity your agents share.

vs. AgentMail

AgentMail is email-only. Helix adds calendar, contacts, configurable identity, and a human approval engine. One endpoint, complete context.

vs. Composio

Composio offers 850+ connectors but no identity layer, no approval engine, no custom instructions. It's auth middleware. Helix is a complete agent identity.

vs. raw Gmail API

No OAuth flow to build. No token refresh to handle. No scope management. No approval logic. Helix handles all of it. You call email_search.

vs. building it yourself

An OAuth server, MCP endpoint, approval queue, audit trail, and admin UI. That's months of work. Or 15 minutes with Helix.

Authentication

Three ways to authenticate.

OAuth 2.1 (for web/desktop clients)

Standard authorization code flow with PKCE. Claude, ChatGPT, Cursor, and most MCP clients handle this automatically when you paste the MCP URL.

Device code flow (for headless agents)

RFC 8628. For cron jobs, CLI tools, and server-side agents that can't open a browser. Request a device code, display it to the user, poll for approval.

API key (for direct REST access)

Bearer token authentication. Generate a key in the Deploy dashboard. Keys start with nyi_ and support granular scope control.

Human approval engine

Ship agents to production with confidence.

Every mutating tool call can be gated by the user's approval policy. Pass a confidence score with your request — if it exceeds the user's threshold, the action executes. Otherwise, it queues for human review.

// Your agent calls email_send via MCP
{
  "tool": "email_send",
  "arguments": {
    "to": [{ "email": "investor@acme.com" }],
    "subject": "Q4 Update",
    "body": "Hi Sarah, attached is our Q4 investor update..."
  }
}

// If user's approval policy = "sensitive" and
// confidence < threshold → response:
{
  "status": "pending_approval",
  "pendingActionId": "act_8x7k...",
  "summary": "Send email to investor@acme.com: Q4 Update"
}
// User approves in Helix UI → email sends

15 minutes to your first API call.

Connect your email, generate an API key, start shipping. Free tier — no credit card.

Get free API key