Superhuman’s new auto-draft feature almost makes me like AI replies
Superhuman’s latest AI email drafting feature is its most convincing yet, generating replies that often required little to no editing in our testing.
找到 56 篇相关文章
Superhuman’s latest AI email drafting feature is its most convincing yet, generating replies that often required little to no editing in our testing.
When an autonomous agent gets an email address of its own, the first question your security team asks isn't "can it send mail?" It's "can you prove, six months from now, exactly what it said and to whom?" That's a different problem from "does it work." A demo that fires off a few support replies looks great in a sprint review. But the moment a real customer says "your bot promised me a refund," or a regulator asks for the complete record of what an automated system told a data subject, you need a defensible trail — an immutable record of every outbound and inbound message the agent touched, captured outside the mailbox the agent can also delete from. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for. But the architectural point here is provider-agnostic and it's the part most "AI email" tutorials skip: the live mailbox is not your audit log. It's mutable, it has retention limits, and the same agent that sends mail can also trash it. If your only record of what the agent did lives in the inbox, you don't have an audit trail — you have a working copy. What "audit-log everything" actually means There are two stores in this design, and keeping them separate is the whole point. The live mailbox — the Agent Account grant. Messages flow in and out here. It's queryable, it's real-time, and it's mutable . Flags change, messages move folders, things get trashed. On the free plan it's also retention-limited: 30 days for the inbox, 7 days for spam. The audit store — your system. An append-only, write-once log keyed by message_id and thread_id . Nothing in it is ever updated or deleted in normal operation. This is the record you hand a reviewer. The audit store is the thing you build. Nylas gives you the two capture points — the send response and the inbound webhook — but the immutability is your responsibility. That means a WORM (write-once-read-many) object store, an append-only table with no UPDATE / DELETE grant for the app role, or a has
Most multi-tenant SaaS apps that send email do it from one shared identity. There's a notifications@yourapp.com , every customer's mail flows through it, and the tenant is just a from_name you stamp on the subject line or a footer you swap out. That's fine until it isn't — until Tenant A's spam complaints drag down Tenant B's deliverability, until a reply from a customer lands in a single firehose inbox you now have to fan back out, until one tenant wants a stricter send cap than another and you realize you built none of that into the data model. So let's not share. Let's give every tenant its own real mailbox — a dedicated Agent Account per customer, each with its own grant_id , its own send identity, its own policy and limits, grouped into its own workspace. Not one inbox with a thousand label hacks. A thousand inboxes, isolated by construction. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for when I'm wiring this up. Every step gets the two-angle tour: the raw curl call and the nylas command that does the same thing. Why per-tenant beats one shared sender The shared-sender model fails along a few predictable seams. Per-tenant Agent Accounts close each one: Deliverability blast radius. When everyone sends from one address, one tenant's bounce rate and spam complaints poison the reputation everyone shares. Per-tenant accounts — and, if you want, per-tenant domains — keep one customer's bad behavior from sinking the rest. Inbound that actually belongs to someone. A shared sender means replies come back to one mailbox and you're left correlating them to tenants by hand. When each tenant has its own grant, an inbound message.created event already carries the grant_id . The routing is done before your handler runs. Per-tenant policy and limits. Different customers, different rules. A trial tenant capped at a low daily send; an enterprise tenant with a higher quota and longer retention. With a shared sender you'd build all of that y
Most teams test email by not testing it. The send path gets a mock — expect(transport.send).toHaveBeenCalledWith(...) — and everyone agrees that's "good enough." The receive path gets skipped entirely, because there's no honest way to assert on a real inbox from a test runner. So the one part of your system that talks to the outside world over an unreliable, asynchronous, third-party channel is the part with the least coverage. That's backwards. The reason email is hard to test isn't the sending. It's the asserting . You can fire POST /messages/send all day, but to prove the message actually left, rendered correctly, and arrived with the body you expected, you need a real mailbox you control — one you can read programmatically and throw away when the run finishes. Shared Gmail test accounts almost get you there, but they bring OAuth on the runner, catch-all races between parallel workers, and a 90-day token that expires the night before a release. This post is about a different fixture: a disposable Agent Account created at the start of a CI run and deleted at the end. You mint a real mailbox per run (or per test), point your application at it, send and receive real mail, assert on the actual message body, and tear the whole thing down. No OAuth. No shared inbox. No leftover state. What an Agent Account gives you here An Agent Account is just a Nylas grant with a grant_id . That's the whole trick, and it's worth saying plainly because it's what makes this pattern cheap: an Agent Account works with every grant-scoped endpoint you already know — Messages, Drafts, Threads, Folders, Attachments, Webhooks. There's nothing new to learn on the data plane . If you've ever called GET /v3/grants/{grant_id}/messages , you already know how to read a test inbox. The difference from a normal grant is provisioning. A regular grant needs a real human to complete an OAuth flow. An Agent Account is created with a single API call — no OAuth screen, no refresh token, no human. It's a m
Most "AI email agent" demos quietly assume the agent answers everything. Point a model at the inbox, generate a reply, send it, repeat. That's a fine loop right up until the model hits a message it shouldn't touch — an angry customer, a legal question, a refund the agent has no authority to approve — and confidently fires off a reply anyway. The expensive failures in agent email aren't the threads the agent gets wrong. They're the threads the agent answers at all when it should have stepped back. So let's build the part that steps back. Not the classifier that decides a message is risky — that's triage , a separate problem. This is the handoff : once something flags a thread as "needs a human," how do you actually pull the whole conversation out of the agent's reach, park it where a person can find it, and make sure the agent keeps its hands off until that person clears it? I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for when I wire up an escalation path. Every operation gets the two-angle tour: the raw curl call and the nylas command that does the same thing. What the handoff actually needs An Agent Account is, underneath, just a Nylas grant with a grant_id . That's the spine of everything here, and it's worth sitting with: there is nothing new to learn on the data plane. The same grant-scoped endpoints you already use — Messages, Threads, Folders, Drafts — work against this grant exactly the way they work against any Gmail or Microsoft grant you got through OAuth. So the escalation path isn't some special agent feature. It's three plain operations you already half-know: A place to put escalated threads. A custom folder — call it Needs human — that lives alongside the six system folders every Agent Account ships with ( inbox , sent , drafts , trash , junk , archive ). A way to move the whole thread there. Not one message — the thread . A reply is just the latest message in a conversation; a reviewer needs the full chain. A way
Most "AI email agent" demos end with a triumphant send . The model writes a reply, the code POSTs it, and a real message lands in a real stranger's inbox. That's a great demo and a terrible production default. The moment your agent can send mail with nobody watching, you've handed an LLM a corporate email address and the standing authority to use it. One hallucinated price, one confidently wrong refund promise, one apology to the wrong customer, and you're explaining to legal why a bot signed an email as your company. There's a boring, durable fix that predates AI by decades: don't send — draft. Stage the message, put a human in front of it, and only send once someone with a name and a pulse approves. Email systems have had a "Drafts" folder forever for exactly this reason. The Nylas Drafts API turns that folder into something better — an approval queue your agent writes into and your reviewers drain. This post builds that queue. The agent creates a draft, a human reviews the pending drafts, and an approved draft gets sent byte-for-byte unchanged . No re-rendering, no "the agent regenerates it on approval" race where the thing you approved isn't the thing that ships. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for, and I'll pair every one with the raw curl so you can wire it into a backend in whatever language you like. This is deliberately not about escalating inbound threads to a human (that's a different problem, where the trigger is a message arriving). Here the trigger is the agent wanting to send , and the gate sits on the outbound path. Why a draft is the right approval primitive You could build approval a dozen ways. You could buffer the agent's output in a queue table and call send later. You could stash a JSON blob in Redis. Both work, and both quietly reinvent something the email stack already gives you. A draft is a real, persisted email object , on the mailbox, with a stable id . That buys you three things a homegr
By the team at MailTester Ninja — a real-time email verification API that stores nothing. Everyone says "IPv6 is here." For the web, mostly true. For email , it is a mirage. We resolved the MX records of 50,000 of the most-linked domains and checked whether any of their mail servers publish an AAAA record, meaning they can actually receive over IPv6. No sending, no personal data, just DNS. 55.2% of mail-enabled domains have at least one IPv6-capable MX. That sounds healthy. It is not, because two companies carry almost the whole number: Email provider IPv6 MX Other / self-hosted ██░░░░░░░░ 18.4% Google Workspace / Gmail ██████████ 100% Microsoft 365 / Outlook █████████░ 91.3% Proofpoint ░░░░░░░░░░ 0.6% Mimecast ░░░░░░░░░░ 0% Tencent QQ ░░░░░░░░░░ 4.2% Namecheap ░░░░░░░░░░ 0.2% Cisco IronPort ░░░░░░░░░░ 4.5% Zoho ░░░░░░░░░░ 0% Barracuda ░░░░░░░░░░ 0% Google ( 100% ) and Microsoft ( 91.3% ) run IPv6 on nearly every inbox. Remove those two, the providers that already anchor most of the world's mail, and IPv6 email adoption falls from 55.2% to 12.9% . The enterprise security gateways that gate corporate mail, such as Proofpoint, Mimecast and Barracuda, are effectively not on IPv6 at all. Why it matters for deliverability. IPv6-only sending is a dead end. It reaches Gmail and Outlook and little else. Dual-stack is not optional. IPv4 is still the backbone of email, and that is where blocklists, FCrDNS and IP reputation are mature. The takeaway: IPv6 email is not adopted. Google and Microsoft adopted it for you. Plan your sending for an IPv4 world with two big IPv6 exceptions. Check any domain yourself — our free deliverability analyzer shows a domain's MX / SPF / DMARC in one click (no signup, nothing stored). Need to confirm whether a specific mailbox actually exists and is deliverable? That is exactly what MailTester Ninja's email verifier does in real time — and we store no data. Source: MailTester Ninja's open Email Infrastructure Index — a live DNS scan of 50,000 of
Most "AI email" demos never think about deletion. The agent reads, replies, files things away, and the inbox just grows. That's fine in a demo. It is a problem the first time a real person emails your agent, because the moment that mailbox holds someone else's name, address, order history, or support complaint, you've taken on a data-protection obligation — and "we kept everything forever" is not a defensible retention policy. An Agent Account on Nylas accumulates personal data you have to be able to purge. It's a mailbox the agent owns — support@yourcompany.com answering to a model instead of a human — and every inbound message lands in it. Under GDPR that data needs two things you can prove: a retention window so it doesn't live forever, and an erasure path so you can delete a specific person's mail when they ask. This post builds both, with the curl and the CLI for each step. A quick, honest caveat before any of it: this is a docs-and-demo walkthrough, not legal advice. The Nylas primitives below cover the mail held in the mailbox . Any derived copy you made — rows in your own database, lines in your application logs, a vector store you embedded the message into — is yours to purge separately. The API can delete the message; it can't reach into your Postgres. Keep that in mind throughout. What the platform gives you Nothing new to learn on the data plane. An Agent Account is just a grant with a grant_id , so everything you already know about Messages and Threads applies directly — listing, reading, and deleting mail run against the same grant-scoped endpoints any other Nylas integration uses. Retention and erasure split cleanly into two layers: Retention is a control-plane setting. It lives on a policy — an application-scoped resource that bundles limits and spam settings — attached to the workspace your Agent Account belongs to. Two fields cap how long mail survives: limit_inbox_retention_period and limit_spam_retention_period . Set them once and Nylas deletes a
Spam traps are the failure mode nobody puts in the demo. A bounce is loud — you get a 5.x.x back, your code logs it, you move on. A complaint at least gives you a webhook. A spam trap gives you nothing . The message gets accepted, no error comes back, and somewhere a mailbox provider quietly writes your domain down as a spammer. By the time you notice, your inbox placement has already cratered and you have no single bounce to point at. That's the trap, literally. And it's the one that bites autonomous agents the hardest, because the whole appeal of an agent is that it acts without a human watching every send. Point a model at a list it scraped, let it loop, and it'll happily mail a recycled address that's been a trap for two years. The agent never sees a problem. You only see the aftermath in your deliverability dashboard a week later. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for when I'm wiring up an Agent Account to not do this. The good news is that an Agent Account is just a grant — a grant_id that works with every grant-scoped endpoint you already know — so there's nothing new to learn on the data plane. The defense is mostly discipline: validate before you send, honor every complaint, and age out the addresses that never wanted to hear from you. What a spam trap actually is, and why it's not a bounce It's worth being precise here, because the three things people lump together behave completely differently. A bounce is a rejected delivery. The receiving server tells you the address is bad, you get a message.bounced event, and you stop. Bounce handling is a solved problem — you listen, you suppress, you're done. A complaint is a recipient hitting "report spam." The mailbox provider relays that back as a feedback loop, and you get a message.complaint event. The address is real and reachable; the human just doesn't want your mail. If you keep mailing them, you're training the provider to filter you. A spam trap is neither.
Research appears to reveal a bug that could render the feature effectively useless.
Vendor onboarding usually starts with one clean request and then turns into a messy thread. Procurement asks for a W-9, security asks for a SOC 2 report, finance asks for remittance details, legal asks for an executed agreement, and the vendor replies with four attachments across three messages because different people own different parts of the process. That is exactly the kind of workflow where a generic "AI email assistant" gets risky. You do not want a model improvising legal language, requesting bank details in the wrong channel, or forwarding a confidential report to the wrong internal alias. You want the agent to own the repetitive coordination while your application keeps the state machine, policy, audit log, and approvals. The pattern I reach for is a dedicated Nylas Agent Account: vendors@yourcompany.com . It is a real mailbox the onboarding agent owns. It receives the vendor's replies, detects what is attached, updates your vendor record, sends safe reminders, and escalates missing or sensitive items to a human. The agent is not borrowing an employee's inbox, and it is not scraping a shared procurement mailbox. It has a grant, an email address, webhooks, threads, folders, and the same Messages API you would use for any other mailbox. I work on the Nylas CLI, so the terminal examples below use the commands I would use while building and debugging this flow. I also include the raw API calls because the production version belongs in your service, not in a shell script. What the agent should own Start by drawing the boundary tightly. A vendor onboarding agent should own message handling and coordination, not business approval. Good responsibilities: Receive vendor replies at a stable address. Read message bodies and attachment metadata. Match a reply to an existing vendor record. Detect which onboarding items are complete, missing, expired, or unreadable. Draft reminders and status updates. Schedule handoff calls when the vendor asks for help. Escalate sensit
By the team at MailTester Ninja — a real-time email verification API that stores nothing. We verify a lot of email for a living. So we pointed our infrastructure at a representative panel of 50,000 of the world's most-linked domains and measured how email is actually configured in 2026 — MX providers, SPF and DMARC. Pure DNS, aggregate only, no personal data . Here's what the internet's mail setup looks like right now. Email is still (almost) everywhere 79.9% of these domains are mail-enabled (they publish MX records). Email isn't going anywhere. Authentication: adopted, but not enforced 75.8% publish an SPF record 64% publish a DMARC record …but only 22.6% actually enforce it with p=reject That last number is the real story. Of the domains that bother to publish DMARC, only 35.2% are on p=reject — the rest sit on p=none (37.2%, monitoring only) or quarantine (27.6%). Most of the web announces a policy it doesn't enforce. That's a deliverability and spoofing gap hiding in plain sight. Who runs the world's inboxes? Other / self-hosted — 32.6% Google Workspace / Gmail — 28.2% Microsoft 365 / Outlook — 22.5% Proofpoint — 5.5% Mimecast — 3.1% Tencent QQ — 2% Namecheap — 1.3% Cisco IronPort — 0.9% Self-hosted and the two hyperscalers (Google Workspace and Microsoft 365) dominate, but the long tail of providers is very real — which is exactly why deliverability is hard: every provider blocks, greylists and reputation-scores differently. Why we publish this We built an open, daily-updated dataset and a live dashboard because deliverability decisions should be based on data, not folklore. It's CC BY 4.0 — use it, cite it, build on it. Want to check a specific domain? Our free analyzer shows any domain's MX / SPF / DMARC in one click — no signup, nothing stored. Methodology: Live DNS scan (MX/SPF/DMARC). Aggregate only — no email sent, no personal data. Sample updated Wed, 01 Jul 2026 12:31:00 GMT.
Most multi-tenant email-agent setups give every customer the same caps. Your free-tier user who signed up an hour ago and your enterprise account doing thousands of sends a day hit the exact same daily send limit, the exact same storage ceiling, the exact same retention window. That's fine right up until a free trial account starts hammering your infrastructure, or an enterprise customer files a ticket because their agent stopped sending at noon UTC and nobody can explain why. Free-tier and enterprise tenants shouldn't share the same caps. They have different risk profiles, different contractual obligations, and different billing. The trick is to make the quota a property of the tier, not a property of each individual account — so when you provision a new tenant you don't compute limits, you just drop them into the right bucket and the limits come along for free. With Nylas Agent Accounts that bucket is a workspace , and the caps live on a policy you attach to it. Set up one policy per tier, attach each to its tier's workspace, and every Agent Account in that workspace inherits the policy's send, storage, and retention limits automatically. No per-account configuration, no drift. I work on the Nylas CLI, so the terminal commands below are the exact ones I reach for when I'm wiring this up. As always, I'll show both the raw HTTP call and the CLI equivalent for every step, because half of you live in scripts and the other half live in your app code. What you actually get An Agent Account is just a Nylas grant with a grant_id — a managed mailbox that can send and receive on a domain you've registered. Everything grant-scoped works against it: Messages, Drafts, Threads, Folders, the lot. There's nothing new to learn on the data plane. A policy is a reusable bundle of limits and spam settings. One policy can govern many accounts. The limits we care about for tiering are: limit_count_daily_email_sent — how many messages an account can send per day. limit_storage_total — t
Email authentication has been "solved" on paper for years. SPF, DKIM, and DMARC are old standards, every deliverability guide repeats them, and Google and Yahoo made DMARC effectively mandatory for bulk senders in 2024. So I expected the top of the web to be in good shape. In June 2026 I ran SPF, DKIM, DMARC, and MTA-STS checks across the Tranco top 10,000 domains, using public resolvers (1.1.1.1 and 8.8.8.8) and the same checks my own tool runs. The records are public DNS, so anyone can reproduce this. The picture is worse than the "solved problem" framing suggests, and the interesting part is not adoption, it is where people stop. A third of the top 10k still have no DMARC 3,318 of the 9,937 domains that resolved (33.4%) publish no DMARC record at all. These are not obscure sites, they are the most-visited domains on the web. Without DMARC a receiver has no published instruction for what to do when SPF and DKIM fail, and you get none of the aggregate reporting that tells you who is sending as you. It does get better at the very top. Among the top 1,000 domains, 28.4% have no DMARC, versus 34% across the rest of the 10k. Better, not good. The real problem is p=none, not missing records This is the number that actually matters. Of the 6,619 domains that do publish DMARC, only 46.5% are at p=reject . About a quarter (26%) are still sitting at p=none . p=none is monitor-only. It asks receivers to report what they see and to enforce nothing. It is the correct first step: publish p=none , collect aggregate reports, fix the sources that should be passing, then tighten the policy. The trouble is that p=none is also where most deployments quietly stop. The reports start arriving, nobody reads them, and the domain sits unprotected behind a policy that does nothing while looking like progress. Moving from p=none to p=reject is the step that turns DMARC from a dashboard into a defense, and it is the step most people never finish. I wrote up the safe way to make that move , si
The company said it is discontinuing its email inbox in favor of its AI agent offering as users are increasingly handing over the reins of their email to the agents.
Notion is "going all in on using agents to run your inbox."
Here's a thing that surprises people the first time: an email sent through the API does not carry the signature the user set up in Gmail or Outlook. Provider signatures live in the provider's compose UI, and a programmatic send bypasses that entirely, so a message your app sends goes out with no signature at all unless you add one. The Nylas Signatures API is how you add it: store an HTML signature once, then attach it to a send by ID, and the signature gets appended to the message for you. This post covers signatures from two angles: the HTTP API your backend calls, and the nylas CLI for creating and testing one from the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I'm setting a signature up. Nylas signatures are separate from provider signatures The first thing to get straight is that these are not the user's existing signature. Nylas doesn't sync the signature configured in Gmail, Outlook, or any other provider, and that provider signature is never applied to mail sent through the API. If a message your app sends needs a sign-off, you create that signature with this API and attach it explicitly; there's no inheriting it from the connected account. That separation is deliberate, because a programmatic send is a different context from a person typing in their webmail. It does mean the responsibility is yours: a user who connects their mailbox expecting their familiar signature to appear on app-sent mail won't get it automatically. Stored signatures are grant-scoped, living at /v3/grants/{grant_id}/signatures , so each connected account has its own set, and they're HTML, so a branded sign-off with a logo and links works the same as a plain one. Create a signature Creating a signature is a POST /v3/grants/{grant_id}/signatures with a name and an HTML body . The name is for you, a label to find it by later; the body is the markup that gets appended to outbound mail. The response returns the signature with its ID, which is w
One-time passcodes are everywhere: sign up for a service, log in from a new device, confirm an action, and a six-digit code lands in your email. A human glances at it and types it in. An automated flow, a signup script, an end-to-end test, or an AI agent connecting to a third-party service, can't glance at anything. It has to pull the code out of the mailbox programmatically, and that's a surprisingly fiddly job: the code arrives seconds after a trigger, it's buried in a templated email, and every sender formats it differently. This post covers extracting verification codes from two angles: the nylas CLI , which does it for you in one command, and the Email API pattern you build when it's part of a larger flow. I work on the CLI, so the terminal commands below are the ones I reach for when I just need the code. Two ways to get the code There are two paths depending on what you're building. For terminal workflows, local testing, or scripting a login, the CLI has a dedicated nylas otp command that finds the latest code in a mailbox and hands it to you. For an application or an agent that reacts to incoming mail, you build the extraction into your own flow: catch the message when it arrives, pull the body, and parse the code out. The difference is who drives. The CLI is pull-based: you ask for the latest code when you need it. The API pattern is push-based: a webhook tells you a message arrived, and your code extracts the value as part of handling it. Both end at the same place, a string of digits you feed into whatever's waiting for it, but the CLI is the fast path for a developer and the API pattern is the durable path for a product. In practice you use both: the CLI to learn which sender and code format you're dealing with during development, then that same understanding baked into the application pattern for production. Grab the latest code from the CLI When you've just triggered a code and want it now, nylas otp get finds the most recent one in your default accoun
Every Nylas request you make on a user's behalf needs one thing first: their permission. Before you can list a mailbox, send on someone's behalf, or read a calendar, the user has to authorize your application through their provider, and that authorization is what's called a grant. Doing the OAuth dance yourself means registering with Google and Microsoft separately, handling each provider's consent screen, token exchange, and refresh quirks. Hosted OAuth collapses that into one flow that works the same across every provider. This post walks through connecting an account from two angles: the HTTP API your web app uses in production, and the nylas CLI for connecting a test account from the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I need a grant to develop against. What a grant is A grant is an authenticated connection to a single user's account. When a user authorizes your application, Nylas stores the connection and hands you a grant_id , a stable identifier you pass on every subsequent request to act on that user's email, calendar, or contacts. The grant is the unit of access: one user who connected one mailbox is one grant, and everything you build addresses /v3/grants/{grant_id}/... . Keep two credentials distinct here. Your API key authenticates your application to Nylas and goes in the Authorization header on every request; the grant_id identifies which connected user that request acts on. The API key is yours and stays on your backend, while a grant_id is minted per user when they connect. The grant is also where provider differences disappear. A Gmail grant and a Microsoft grant have different OAuth scopes and token mechanics underneath, but once connected, both are just a grant_id you use the same way. That's the point of hosted OAuth: you run one flow, the user picks their provider, and you get back the same kind of identifier regardless of who hosts the mailbox. Hosted OAuth supports Google, Microsoft, Yahoo,
Writing a clear, well-structured email takes time, and it's the kind of task an LLM is genuinely good at. But wiring up your own prompt-to-email pipeline means picking a model, threading the original message in as context, handling streaming, and keeping it all behind your API keys. The Nylas Smart Compose endpoints do that for you: send a natural-language prompt, get back a written message body, and the reply variant pulls in the original email as context automatically. This post walks through Smart Compose from two angles: the HTTP API for your backend, and the nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for when I'm testing a prompt. How Smart Compose works Smart Compose is two endpoints that turn a prompt into a message body. You send a natural-language prompt , and the response comes back with a suggestion field holding the generated text. There's a POST /messages/smart-compose for writing a brand-new message, and a POST /messages/{message_id}/smart-compose for writing a reply, where the original message is folded into the context so the response actually answers it. The key thing to understand is that Smart Compose generates text, it doesn't send anything. The suggestion it returns is a message body you do something with: pass it straight to the Send Message endpoint , or pre-fill it into a draft for a human to review and edit first. That separation is deliberate, since it lets you put a person between the AI's output and the recipient, which is usually what you want for anything an LLM wrote. Two things to know before you start. Smart Compose runs against connected OAuth grants only, not Agent Accounts. The prompt also has a ceiling: up to 1,000 tokens, and a longer prompt returns an error. Generate a new message To write a fresh email, POST /v3/grants/{grant_id}/messages/smart-compose takes a single prompt describing what you want. The response carries the generated body in suggestion , which you then se