Save time and feel confident you are set up for long-term success with Email Implementation. Our experts will work as an extension of your team to ensure your email program is correctly set up and delivering value for your business.
Twilio SendGrid API keys are 69 characters long. We are unable to make exceptions for third-party infrastructure that is unable to support a key of 69 characters.
Your application, mail client, or website can all use API (Application Programming Interface) keys to authenticate access to SendGrid services. They are the preferred alternative to using a username and password because you can revoke an API key at any time without having to change your username and password. We suggest that you use API keys for connecting to all of SendGrid's services.
There are 3 different types of API keys:
Full Access allows the API key to access GET
, PATCH
, PUT
, DELETE
and POST
endpoints for all parts of your account, excluding billing and Email Address Validation.
Restricted Access customizes levels of access for all parts of your account, excluding billing and Email Address Validation.
Billing Access allows the API key to access billing endpoints for the account.
During the API key creation process, you will be given the option of selecting scopes, or specific permissions, that you would like to assign to your new API key. These permissions restrict which areas of your account your API key will be able to access. When assigning permissions to your API key, you will be given the option to select one of the following levels of access:
No Access prevents the API key from accessing any endpoint within the selected permission.
Read Access allows the API key to access GET
endpoints within the selected permission.
Full Access allows the API key to access GET
, PATCH
, PUT
, DELETE
, and POST
endpoints within the selected permission.
We require that you create a separate API key for making billing-related API calls. This segmentation adds an extra level of security by giving you more control over who has access to the various areas of your account.
When viewing the API keys page, you will see a list of your current API keys along with the following information:
Name - The name you defined for your API key.
API Key ID - The way you would reference your API key for management through the API (e.g. editing or deleting a key).
Action - Actions you can perform on your API keys, such as editing or deleting the key.
You will only be shown your API key one time. Please store it somewhere safe as we will not be able to retrieve or restore it.
There is a limit of 100 API Keys per account.
Twilio SendGrid recommends storing your API key in an environment variable or a config file that is not stored in version control.
When setting a variable in your program, that variable is readable by any person or system that can access the text file where it's set. However, a variable that's confined to the environment where the code is executed, stored outside the program itself, is called an environment variable. Only people and programs with access to the environment can read the value assigned to an environment variable. This makes environment variables a more secure choice for storing credentials such as API keys.
Once you assign your API key to an environment variable, you can then tell your program to look for and use that variable. Another benefit of this approach is the ability to set API keys with different permissions in different environments such as development, staging, and production without changing the code you deploy to those environments.
The examples below show how to store your key in a variable named SENDGRID_API_KEY
. You can find additional examples in the Twilio Documentation.
To store your SendGrid API key, open your terminal or command prompt and add the following:
export SENDGRID_API_KEY=the_key_you_copied_from_SendGrid
setx SENDGRID_API_KEY the_key_you_copied_from_SendGrid
To then access the variable, you can use the convention provided by your coding language.
var apiKey = Environment.GetEnvironmentVariable("SENDGRID_API_KEY");
apiKey := os.Getenv("SENDGRID_API_KEY")
apiKey = System.getenv("SENDGRID_API_KEY");
const apiKey = process.env.SENDGRID_API_KEY;
$apiKey = getenv('SENDGRID_API_KEY');
api_key = os.environ.get('SENDGRID_API_KEY')
api_key = ENV['SENDGRID_API_KEY']
Click the action menu in the same row as the key you would like to edit. From here you can delete a key, making it completely inactive, or you can edit your key's name and permissions.
Once you delete a key, it can no longer be used to access SendGrid's services.
Click the action menu in the same row as the key you want to delete. Select Delete. This will delete the key permanently, making it inactive. SendGrid will reject any subsequent API calls using this deleted API key.
You may not give an API key greater permissions than you currently have.
You can test your newly created API key using cURL:
1curl -i --request POST \2--url https://api.sendgrid.com/v3/mail/send \3--header 'Authorization: Bearer YOUR_API_KEY_HERE' \4--header 'Content-Type: application/json' \5--data '{"personalizations": [{"to": [{"email": "recipient@example.com"}]}],"from": {"email": "sendeexampexample@example.com"},"subject": "Hello, World!","content": [{"type": "text/plain", "value": "Howdy!"}]}'
Look for a 202 Accepted in the HTTP response headers.
Save time and feel confident you are set up for long-term success with Email Implementation. Our experts will work as an extension of your team to ensure your email program is correctly set up and delivering value for your business.