Sendgrid Authenticate with API Keys

I got the following mail from SendGrid,

We are emailing to inform you of an upcoming requirement to update your authentication method with Twilio SendGrid to API keys exclusively by December 9th, 2020 in order to ensure uninterrupted service and improve the security of your account. Our records show that you have used basic authentication with username and password for one or more of your API requests with 1 users of your SendGrid account in the last 180 days.

Why API keys?

This is an effort to enhance security for all of our users. Using your account username and password for authentication is less secure than using an API Key. Unlike your username and password, API Keys are uniquely generated and can be set to limit the access and specify permissions for a given request.

What action is required?

Follow these steps to identify and replace your authentication method to API Keys and then implement Two-Factor Authentication (2FA) for enhanced security.

What happens if no action is taken?

On December 9th, 2020 we will no longer accept basic authentication with username and password, and we will be requiring 2FA to login to your account. If you attempt to authenticate your API requests or SMTP configuration with username and password for any of your users after that date, your requests will be rejected.

We’d like to thank you in advance for your prompt attention to these requirements. If you’d like to learn more about how you can enhance the security of your account, view this post. If you have any questions or need assistance, please visit our documentation or reach out to our Support team.

Thank you,
The Twilio SendGrid Team

Presently I am sending mails to SendGrid by using the following credentials,

EMAIL_HOST = 'smtp.sendgrid.net'
EMAIL_USE_TLS = False
EMAIL_PORT = 587
EMAIL_HOST_USER = '[email protected]'
EMAIL_HOST_PASSWORD = 'xxx'

Does this change affect me?

Anandhu G asked Oct 21 '20 12:10


3 Answers

Yes, once they force two factor authentication (2FA), your application will not be able to do basic authentication by just using username/email & password.
So, you need to start using API keys.

Migration is simple:

  • Log in to your SendGrid account
  • Go to https://app.sendgrid.com/settings/api_keys
  • "Generate API Key" - generate a new API key and copy it to be used later
  • Code changes:
    • EMAIL_HOST_USER = 'apikey' (username should be this only)
    • EMAIL_HOST_PASSWORD = 'YOUR_API_KEY'
  • Test it

If the changes work, you are good to go and have migrated from basic authentication to API keys.

Abhishek Shah answered Nov 11 '22 01:11


Yes, it might. Use API keys instead of using a username and password.

Rabin Poudyal answered Nov 11 '22 01:11


I found this confusing at first so thought I'd write up how it works in case it helps others.

When using simple username/password, your application probably stores them as environment variables somewhere in your code. Here's an example of how Rails uses those environment variables, but every application will be different - find them.

You can override the values of those two existing environment variables, but I prefer to create two new ones, and replace all references of the existing ones with the new ones throughout your application.

I named my two new ones: SENDGRID_API_USERNAME and SENDGRID_API_KEY

  • SENDGRID_API_USERNAME will always be 'apikey' (a simple string)
  • SENDGRID_API_KEY can be made here, and will look something like this SG.ngeJheYFYQlKU0ufo8x5d1A.TwL2iGABfnBvoTf-09kqeF8tAmbihYzrnopKc-1s5cr

stevec answered Nov 11 '22 02:11
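
The migration described in the first and third answers, as an added example for the Django settings shown in the question (not code from the question or any of the answers). It assumes the key is supplied in the `SENDGRID_API_KEY` environment variable named in the third answer, infers the `SG.<id>.<secret>` key shape from the sample key on this page, and turns on `EMAIL_USE_TLS` as this example's own choice; the function names are hypothetical.

```python
import os
import re

SENDGRID_SMTP_HOST = "smtp.sendgrid.net"
SENDGRID_SMTP_USER = "apikey"  # literal string, per the answers above
# Assumption: key shape inferred from the sample key on this page (SG.<id>.<secret>).
_KEY_SHAPE = re.compile(r"^SG\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")


def uses_basic_auth(settings):
    """True if a Django-style settings mapping still sends an account
    username/password to SendGrid instead of an API key."""
    if settings.get("EMAIL_HOST") != SENDGRID_SMTP_HOST:
        return False
    return settings.get("EMAIL_HOST_USER") != SENDGRID_SMTP_USER


def sendgrid_email_settings(env=os.environ):
    """Build Django EMAIL_* settings from SENDGRID_API_KEY in the environment.

    Raises ValueError rather than falling back to a password, so a missing
    or mistyped key fails at startup instead of at the first rejected send.
    """
    key = env.get("SENDGRID_API_KEY", "").strip()
    if not key:
        raise ValueError("SENDGRID_API_KEY is not set")
    if not _KEY_SHAPE.match(key):
        raise ValueError("SENDGRID_API_KEY does not look like an API key")
    return {
        "EMAIL_HOST": SENDGRID_SMTP_HOST,
        "EMAIL_PORT": 587,
        "EMAIL_USE_TLS": True,  # STARTTLS, so the key is not sent in cleartext
        "EMAIL_HOST_USER": SENDGRID_SMTP_USER,
        "EMAIL_HOST_PASSWORD": key,
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    legacy = {"EMAIL_HOST": "smtp.sendgrid.net", "EMAIL_HOST_USER": "user@example.com"}
    print("legacy config uses basic auth:", uses_basic_auth(legacy))
    migrated = sendgrid_email_settings({"SENDGRID_API_KEY": "SG.constructedId.constructedSecret"})
    print("migrated config uses basic auth:", uses_basic_auth(migrated))
```

In a Django `settings.py`, `globals().update(sendgrid_email_settings())` applies the returned values, and `uses_basic_auth` can be run over existing settings modules to find any that still carry an account username.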