Menu

API Keys

Your application, mail client, or website can all use API (Application Programming Interface) keys to authenticate access to SendGrid services. You can revoke an API key at any time without having to change your username and password, and an API key can be scoped to perform a limited number of actions.

There are 3 different types of API keys:

  • Full Access
    Allows the API key to access GET, PATCH, PUT, DELETE and POST endpoints for all parts of your account, excluding billing and Email Address Validation.
  • Restricted Access
    Customizes levels of access for all parts of your account, excluding billing and Email Address Validation.
  • Billing Access
    Allows the API key to access billing endpoints for the account.

You must create your first API key using the Twilio SendGrid App. Once you have a key with permissions to manage other keys, you can use the endpoints documented as part of this API.

Create API keys

Create API keys

POST /api_keys

This endpoint allows you to create a new API Key for the user.

To create your initial SendGrid API Key, you should use the SendGrid App. Once you have created a first key with scopes to manage additional API keys, you can use this API for all other key management.

There is a limit of 100 API Keys on your account.

A JSON request body containing a name property is required when making requests to this endpoint. If the number of maximum keys, 100, is reached, a 403 status will be returned.

Though the name field is required, it does not need to be unique. A unique API key ID will be generated for each key you create and returned in the response body.

It is not necessary to pass a scopes field to the API when creating a key, but you should be aware that omitting the scopes field from your request will create a key with "Full Access" permissions by default.

See the API Key Permissions List for all available scopes. An API key's scopes can be updated after creation using the "Update API keys" endpoint.

Authentication

  • API Key

Headers

Authorization
string
default: Bearer <<YOUR_API_KEY_HERE>>
required
on-behalf-of
string
default: The subuser's username. This header generates the API call as if the subuser account was making the call.

Request Body

object
name
string

The name you will use to describe this API Key.

required
scopes
array[string]

The individual permissions that you are giving to this API Key.

{
  "name": "My API Key",
  "scopes": [
    "mail.send",
    "alerts.create",
    "alerts.read"
  ]
}

Responses

object
api_key
string
api_key_id
string
name
string
scopes
array[string]
object
errors
array[object]
message
string

the error message

field
string

the field that generated the error

help
object

helper text or docs for troubleshooting

id
string
{
  "errors": [
    {
      "field": "field_name",
      "message": "error message"
    }
  ]
}
object
errors
array[object]
message
string

the error message

field
string

the field that generated the error

help
object

helper text or docs for troubleshooting

id
string
{
  "errors": [
    {
      "field": "field_name",
      "message": "error message"
    }
  ]
}
object
errors
array[object]
message
string

the error message

field
string

the field that generated the error

help
object

helper text or docs for troubleshooting

id
string
{
  "errors": [
    {
      "field": "field_name",
      "message": "error message"
    }
  ]
}
object
errors
array[object]
message
string

the error message

field
string

the field that generated the error

help
object

helper text or docs for troubleshooting

id
string
{
  "errors": [
    {
      "field": "field_name",
      "message": "error message"
    }
  ]
}
object
errors
array[object]
message
string

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the SendGrid tag on Stack Overflow.