Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page


SendGrid supports API keys delivered via Bearer token or Basic authentication, depending on the SendGrid functionality you are using. In addition to Bearer API key authentication, SendGrid recommends two-factor authentication (2FA) to improve security.

API key

api-key page anchor

Authenticate to the SendGrid API by creating an API Key in the Settings section of the SendGrid UI(link takes you to an external page).

SendGrid requires using API keys because they are a secure way to talk to the SendGrid API that is separate from your username and password. If your API key gets compromised, it's easy to delete and create a new API key and update your environment variables with the new key. API key permissions can be set to provide access to different functions of your account, without providing access to your account as a whole.

To use an API key, pass an Authorization header with a value of Bearer <Your-API-Key-Here>, where you replace <Your-API-Key-Here> with the API Key that you created in the UI.

Example header:

Authorization: Bearer <Your-API-Key-Here>

curl -X "GET" "" -H "Authorization: Bearer <Your-API-Key-Here>" -H "Content-Type: application/json"

Using basic authentication with your account password is not as secure as using an API key. If your credentials are compromised—for example, if you accidentally commit them to version control—it is more difficult to regain the security of your account when those credentials are your username and password rather than an API key. For this reason, Twilio SendGrid ended support for Basic Authentication with username and password as of Q4 2020. SendGrid supports Basic Authentication using an API key as your password value for some services.

When using Basic Authentication, your username will always be "apikey," and your password will be your API key.



If you are currently using Basic authentication, we recommend upgrading your authentication method to Bearer using API Keys and then enabling Two-Factor Authentication for improved security. For more information, see Upgrading your authentication method to API Keys.

Two-factor authentication

two-factor-authentication page anchor

Enabling two-factor authentication (2FA) will allow Twilio SendGrid to deliver confirmation codes via SMS to your mobile phone. You will not be able to log in when cellular service is not available. SMS 2FA is powered by Authy(link takes you to an external page). Selecting this option does not require an Authy account, but if you have one, you will be able to use either the Authy App(link takes you to an external page) or SMS messages.

To ensure the security of your account, SendGrid requires enabling two-factor authentication (2FA) for all users. For more information about setting up 2FA, see Two-factor authentication.



It is not possible to use basic authentication for users, subusers, or teammates that enable 2FA.

Rate this page: