sendgrid error "Access forbidden" when trying to GET user profile API

Question

The following API request:

curl --request GET \
     --url https://api.sendgrid.com/v3/user/profile \
     --header 'Authorization: Bearer API KEY'\
     --header 'Content-Type: application/json'

From the docs: https://sendgrid.com/docs/API_Reference/Web_API_v3/user.html

Results in a HTTP 403 response with the following body:

{"errors":[{"field":null,"message":"access forbidden"}]}

I went to Settings -> API Keys and clicked on 'Edit details' to view the permissions granted to my API key and, as far as I can tell, there isn't any permission that I can grant (or revoke) that seems related to 'user profile'.

Just to be on the safe side, I have configured every single permission to 'Full Access' (when available) or to 'Read Access' if 'full access' is not available but I am still getting this HTTP 403 error.

What is the permission I need to grant to my API key in order to be able to retrieve my user profile?

Answer 1

Legacy API doesn't work. Use new API

I don't know if it resolve to someone, but I tried to add a contact to sendgrid using this doc getting {"errors":[{"field":null,"message":"access forbidden"}]}:

https://sendgrid.com/docs/API_Reference/Web_API_v3/Marketing_Campaigns/contactdb.html#Add-Single-Recipient-POST

POST POST https://api.sendgrid.com/v3/contactdb/recipients HTTP/1.1

After search a bit more I noted a new documentation (same version API v3) but with very different API methods:

https://sendgrid.api-docs.io/v3.0/contacts/add-or-update-a-contact

PUT https://api.sendgrid.com/v3/marketing/contacts

Answer 2

I dug into this and tried various things out myself.

You can't set the permissions for this to work via the website UI. You must make API calls to set the permission.

https://sendgrid.com/docs/API_Reference/Web_API_v3/API_Keys/api_key_permissions_list.html#User-Settings shows a list of all the possible permissions/scopes for user settings.

https://sendgrid.com/docs/API_Reference/Web_API_v3/API_Keys/index.html#Update-the-name-amp-scopes-of-an-API-Key-PUT explains how to add scopes to your API Key.

ADDED: So this is more convoluted than that. You can't use an API Key to modify an API Key unless that key already has permissions/scope to "api_keys.update". This means you find yourself in a catch 22. Instead of using the "Authroization: Bearer {API_KEY}" authorization header you need to make the first call to update an API Key to have that scope using a basic authorization header like "Authorization: Basic {base64Encoded("username:password")}". Quite convoluted and a pain to deal with right now. Sounds like they are coming out with an updated UI hopefully in a few weeks so we all can avoid this little catch 22 in the future.

Answer 3

This error is also caused due to insufficient permissions for api key.

https://sendgrid.com/docs/API_Reference/Web_API_v3/API_Keys/api_key_permissions_list.html#User-Settings

In order to use with api key just :

Go to Settings > Api keys > Edit Api Key > User Account

Viola! works like a charm with API Key as Auth.

curl --request GET \
 --url https://api.sendgrid.com/v3/user/profile \
 --header 'Authorization: Bearer API KEY'\
 --header 'Content-Type: application/json'

Hope this helps :)