kingfisher/crates/kingfisher-rules/data/rules/nylas.yml

rules:
  # Helper: capture the Nylas API base URI (data residency) from config/env so validation hits the right region.
  - name: Nylas API URI
    id: kingfisher.nylas.api_uri.1
    visible: false
    confidence: medium
    min_entropy: 2.0
    pattern: |
      (?xi)
      \b
      (
        https://api\.(?:us|eu)\.nylas\.com
      )
      \b
    examples:
      - https://api.us.nylas.com
      - https://api.eu.nylas.com

  - name: Nylas API Key
    id: kingfisher.nylas.1
    pattern: |
      (?xi)
      \b
      nylas
      (?:.|[\n\r]){0,64}?
      (?:api[_-]?key|apikey|secret|private|access|token)
      (?:.|[\n\r]){0,64}?
      \b
      (
        nyk_[A-Z0-9]{67}   # common v3 API key format (71 chars total)
        |
        [0-9A-Z]{30}       # legacy/older patterns seen in repos
      )
      \b
    pattern_requirements:
      min_digits: 4
    min_entropy: 3.3
    confidence: medium
    examples:
      - NYLAS_API_KEY=nyk_0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234
      - nylas_token = 2temab2qpfioneggb01j2dhfllqgiu
    references:
      - https://developer.nylas.com/docs/v3/auth/hosted-oauth-apikey/
      - https://developer.nylas.com/docs/v3/notifications/
    depends_on_rule:
      - rule_id: kingfisher.nylas.api_uri.1
        variable: NYLAS_API_URI
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "{{ NYLAS_API_URI }}/v3/webhooks"
          headers:
            Authorization: "Bearer {{ TOKEN }}"
            Accept: "application/json"
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words: ['"request_id"', '"data"']