Skip to content Skip to navigation Skip to topbar

Create API keys

API Overview

Your application, mail client, or website can all use API (Application Programming Interface) keys to authenticate access to SendGrid services. You can revoke an API key at any time without having to change your username and password, and an API key can be scoped to perform a limited number of actions.

There are 3 different types of API keys:

Full Access
Allows the API key to access GET , PATCH , PUT , DELETE and POST endpoints for all parts of your account, excluding billing and Email Address Validation.
Restricted Access
Customizes levels of access for all parts of your account, excluding billing and Email Address Validation.
Billing Access
Allows the API key to access billing endpoints for the account.

You must create your first API key using the Twilio SendGrid App. Once you have a key with permissions to manage other keys, you can use the endpoints documented as part of this API.

(warning)

Warning

Twilio SendGrid API keys are 69 characters long. We are unable to make exceptions for third-party infrastructure that is unable to support a key of 69 characters.

(information)

Info

There is a limit of 100 API Keys on your account.

Operation overview

POST/v3/api_keys

Base url: https://api.sendgrid.com

This endpoint allows you to create a new API Key for the user.

To create your initial SendGrid API Key, you should use the SendGrid App. Once you have created a first key with scopes to manage additional API keys, you can use this API for all other key management. A JSON request body containing a name property is required when making requests to this endpoint. If the number of maximum keys, 100, is reached, a 403 status will be returned. Though the name field is required, it does not need to be unique. A unique API key ID will be generated for each key you create and returned in the response body. It is not necessary to pass a scopes field to the API when creating a key, but you should be aware that omitting the scopes field from your request will create a key with "Full Access" permissions by default. See the API Key Permissions List for all available scopes. An API key's scopes can be updated after creation using the "Update API keys" endpoint.

Operation details

Authentication

API Key

Headers

Property nameTypeRequiredDescription

Authorizationstringrequired

Default: Bearer <<YOUR_API_KEY_HERE>>

on-behalf-ofstringOptional

The on-behalf-of header allows you to make API calls from a parent account on behalf of the parent's Subusers or customer accounts. You will use the parent account's API key when using this header. When making a call on behalf of a customer account, the property value should be "account-id" followed by the customer account's ID (e.g., on-behalf-of: account-id <account-id>). When making a call on behalf of a Subuser, the property value should be the Subuser's username (e.g., on-behalf-of: <subuser-username>). See On Behalf Of for more information.

Request body

SchemaExample

Property nameTypeRequiredDescriptionChild properties

namestringrequired

The name you will use to describe this API Key.

scopesarray[string]Optional

The individual permissions that you are giving to this API Key.

Responses

201400401403404500

SchemaExample

Property nameTypeRequiredDescriptionChild properties

api_keystring

api_key_idstring

namestring

scopesarray[string]

Create API keys

Node.js

Python

Java

PHP

Ruby

curl


_26const client = require('@sendgrid/client');
_26client.setApiKey(process.env.SENDGRID_API_KEY);
_26
_26const data = {
_26  "name": "My API Key",
_26  "scopes": [
_26    "mail.send",
_26    "alerts.create",
_26    "alerts.read"
_26  ]
_26};
_26
_26const request = {
_26  url: `/v3/api_keys`,
_26  method: 'POST',
_26  body: data
_26}
_26
_26client.request(request)
_26  .then(([response, body]) => {
_26    console.log(response.statusCode);
_26    console.log(response.body);
_26  })
_26  .catch(error => {
_26    console.error(error);
_26  });