From 49e5f5694dfa166ec84214daef6ca23358daf4e9 Mon Sep 17 00:00:00 2001
From: Aaron de Mello <aaron.d@nylas.com>
Date: Fri, 12 Jun 2026 14:26:16 -0400
Subject: [PATCH 1/2] Support callback URIs in application updates

---
 CHANGELOG.md                         |  1 +
 nylas/models/application_details.py  | 26 +++++++++++++++++++++-----
 nylas/resources/applications.py      |  2 --
 tests/resources/test_applications.py |  7 +++++++
 4 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4adbc2e..d80f75f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ Unreleased
 * Aligned Lists create support with the public `POST /v3/lists` schema and added create response/schema coverage
 * Added Manage Domains service-account auth support with canonical signed request bodies, bearer-auth suppression, encoded domain path segments, and `dmarc`/`arc` verification types
 * Added Workspaces resource (`client.workspaces`) with `list`, `find`, `create`, `update` (PATCH), `destroy`, `auto_group`, `manual_assign`, `default`, `policy_id`, and `rule_ids`
+* Corrected Applications `update` to accept `callback_uris` with callback URI IDs for preserving existing callback URIs
 * Corrected RedirectUris `update` to use PATCH instead of PUT; added `deleted_at` to the RedirectUri model and made `platform` optional on create
 * Verified and extended Applications: added `update` (PATCH `/v3/applications`) and public response fields (`idp_settings`, hosted-authentication legal URLs, `domain`, `blocked`, timestamps)
 * Fix draft and other JSON API requests failing with "only JSON and multipart supported" by sending `Content-Type: application/json` instead of `application/json; charset=utf-8`
diff --git a/nylas/models/application_details.py b/nylas/models/application_details.py
index a03085c..4386fca 100644
--- a/nylas/models/application_details.py
+++ b/nylas/models/application_details.py
@@ -4,7 +4,7 @@
 from dataclasses_json import dataclass_json
 from typing_extensions import TypedDict, NotRequired
 
-from nylas.models.redirect_uri import RedirectUri
+from nylas.models.redirect_uri import RedirectUri, WritableRedirectUriSettings
 
 Region = str
 """ The Nylas API region (free-form string, e.g. ``us``, ``eu``). """
@@ -196,20 +196,35 @@ class WritableAdditionalSettings(TypedDict):
     allow_query_param_in_redirect_uri: NotRequired[bool]
 
 
+class UpdateApplicationRedirectUriRequest(TypedDict):
+    """
+    Class representing a callback URI provided for an update application call.
+
+    Attributes:
+        id: Existing callback URI ID. Include this when preserving or updating an existing URI.
+        url: Redirect URL.
+        platform: Platform identifier. Optional; defaults to "web" server-side.
+        settings: Optional settings for the redirect URI.
+    """
+
+    id: NotRequired[str]
+    url: str
+    platform: NotRequired[str]
+    settings: NotRequired[WritableRedirectUriSettings]
+
+
 class UpdateApplicationRequest(TypedDict):
     """
     Class representing a request to update a Nylas application.
 
     Note:
-        ``callback_uris`` / ``redirect_uris`` cannot be set via this request; the
-        server silently ignores them. Manage callback URIs via the dedicated
-        redirect-uris endpoints. ``additional_settings`` is write-only and is
-        stripped from the response.
+        ``additional_settings`` is write-only and is stripped from the response.
 
     Attributes:
         branding: Branding details for the application.
         hosted_authentication: Hosted authentication branding details.
         idp_settings: Identity provider settings.
+        callback_uris: List of callback URIs for the application.
         domain: The white-label domain associated with the application.
         additional_settings: Additional (write-only) application settings.
     """
@@ -217,5 +232,6 @@ class UpdateApplicationRequest(TypedDict):
     branding: NotRequired[WritableBranding]
     hosted_authentication: NotRequired[WritableHostedAuthentication]
     idp_settings: NotRequired[WritableIdpSettings]
+    callback_uris: NotRequired[List[UpdateApplicationRedirectUriRequest]]
     domain: NotRequired[str]
     additional_settings: NotRequired[WritableAdditionalSettings]
diff --git a/nylas/resources/applications.py b/nylas/resources/applications.py
index 7b788f9..74aaaec 100644
--- a/nylas/resources/applications.py
+++ b/nylas/resources/applications.py
@@ -51,8 +51,6 @@ def update(
         Update the application information.
 
         Note:
-            ``callback_uris`` / ``redirect_uris`` cannot be updated here; the server
-            silently ignores them. Use the redirect URIs endpoints instead.
             ``additional_settings`` is write-only and is stripped from the response.
 
         Args:
diff --git a/tests/resources/test_applications.py b/tests/resources/test_applications.py
index 7612882..8e076e7 100644
--- a/tests/resources/test_applications.py
+++ b/tests/resources/test_applications.py
@@ -173,6 +173,13 @@ def test_update(self):
             "branding": {"name": "Updated application"},
             "hosted_authentication": {"title": "Welcome"},
             "idp_settings": {"origins": "https://a.com"},
+            "callback_uris": [
+                {
+                    "id": "0556d035-6cb6-4262-a035-6b77e11cf8fc",
+                    "url": "https://example.com/callback",
+                    "platform": "web",
+                }
+            ],
             "domain": "auth.example.com",
             "additional_settings": {"rotate_refresh_token": True},
         }

From 234ada4c35a766f20f0df0704b2ba476fdc125b4 Mon Sep 17 00:00:00 2001
From: Aaron de Mello <aaron.d@nylas.com>
Date: Fri, 12 Jun 2026 14:32:07 -0400
Subject: [PATCH 2/2] Document workspace auto-group invalid filter

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d80f75f..c01b1ff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ Unreleased
 ----------
 * Aligned Lists create support with the public `POST /v3/lists` schema and added create response/schema coverage
 * Added Manage Domains service-account auth support with canonical signed request bodies, bearer-auth suppression, encoded domain path segments, and `dmarc`/`arc` verification types
-* Added Workspaces resource (`client.workspaces`) with `list`, `find`, `create`, `update` (PATCH), `destroy`, `auto_group`, `manual_assign`, `default`, `policy_id`, and `rule_ids`
+* Added Workspaces resource (`client.workspaces`) with `list`, `find`, `create`, `update` (PATCH), `destroy`, `auto_group`, `manual_assign`, `invalid_also`, `default`, `policy_id`, and `rule_ids`
 * Corrected Applications `update` to accept `callback_uris` with callback URI IDs for preserving existing callback URIs
 * Corrected RedirectUris `update` to use PATCH instead of PUT; added `deleted_at` to the RedirectUri model and made `platform` optional on create
 * Verified and extended Applications: added `update` (PATCH `/v3/applications`) and public response fields (`idp_settings`, hosted-authentication legal URLs, `domain`, `blocked`, timestamps)