Closed altairdeark closed 8 years ago
I have a API key with all the possible permissions and I got "access frobidden" when posting to the endpoint "mail/batch". I'm using CURL.
I haven't found an answer in the documentation/support forum
@gsusI,
Please open up a ticket with https://support.sendgrid.com. They will be able to dig deeper into your account and figure out what is going on with your key.
Request #716584
The issue for me seems to be that not all the permissions allowed can be managed through the UI.
We encountered this as well. It looks like a systematic problem, rather than case-specific.
@oytuntez,
Can you also submit a support ticket?
Did that as well, thank you.
Oytun Tez
M O T A W O R D - The World's Fastest Human Translation Platform. J S O N - L A N G - JSON specification for localization file exchange. I AM A FACT - Entrepreneurification!
On Thu, Jul 28, 2016 at 5:55 PM, Elmer Thomas notifications@github.com wrote:
@oytuntez https://github.com/oytuntez,
Can you also submit a support ticket?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sendgrid/sendgrid-php/issues/263#issuecomment-236037133, or mute the thread https://github.com/notifications/unsubscribe-auth/AAoE--SxldtGtya7xai0fAbr32exJwEdks5qaSVFgaJpZM4JMFXp .
I have to publicize this, because I don't understand why 1) this is not documented, 2) we are being redirected to Support even though this is probably a known defect.
Here is the support response:
Hi,
Thank you for contacting us.
Unfortunately, when creating an API key from Sendgrid UI it doesn't have all the detailed permissions. The required scope of this call is not an automatic one, so it needs to be added via an API call. I recommend you to create a new API key via API V3 with Basic Authentication and add more permissions to it. You can also update an already created API key.
Create API Key: POST https://api.sendgrid.com/v3/api_keys Update API Key: PUT https://api.sendgrid.com/v3/api_keys/{api_key_id}
Here you can find more API calls related to API Key and also all the permissions that you add to it:
API key Post Update Permisions
Please note that you can't add General permissions and Billing Permissions to the same API key.
Please let me know if it helps and if I can help you with anything else.
Best regards,
I cannot find any information about using Basic Auth to authenticate. As far as I can tell, the v3 API only accepts api_key
for authentication. Could you point me to an example of how to use Basic Auth.
@gmhawash,
Yes, the v3 API only accepts an API Key for authentication.
Why do you need Basic Auth?
Are you having trouble with your API Key? If so, please reach out to https://support.sendgrid.com and they can help.
Thanks!
I want to create subusers and apikeys for them from the API.
My root/parent API Keys do not have the permission to create subusers or apikeys
or to change permissions on the API key and there is no way to assign them in the UI.
So, I first need to give the parent API key these permissions, and in order to do so, I need to login with username/password using Basic Auth, change the API key permissions, and use the API key from that point forward.
@gmhawash,
Please reach out to our support team at https://support.sendgrid.com. I'm hoping they can help you work through a solution that would fit your needs.
API v3 does accept Basic Auth.
Basically you need to set a header with something like:
"Authorization: Basic " . base64_encode("$username:$password")
Where $username & $password belong to the main user. Including that header you will be able to use the endpoint api_keys/ to set the permissions
And @oytuntez is very right, it should be documented properly to avoid this thread (and its duplicates) to keep growing.
Thanks for the feedback @gsusI, I will put in a request with our documentation team.
I would take it a bit further and rather than having to force the header for basic auth, make Basic Auth authentication as a first class citizen (like API key), and allow for passing in username
and password
combo or an api_key
.
@gsusI Thanks a lot for saving my time. Sendgrid's documentation is definitely flawed.
In an effort to be helpful, here's what I just learned from connecting the dots across several SendGrid documentation pages, the most helpeful of which was this one.
PATCH
request, but rather a PUT
. This meant, I needed to first GET
the existing scopes
and then append the new ones. Otherwise, it overwrites all the existing scopes. Side note: whoa! It would be nice to support PATCH
here, or make the dangerzone more clear in the docs. echo -n "<username>:<password>" | openssl base64
curl -H "Authorization: $base64creds"
name
of the API key, even if it already has one.PUT
web request to /v3/api_keys/<your key>
{your_api_key}
value is the second part. I.e. do not use the name
and do not send the entire key value.@papaben I guess you meant to write "it overwrites all the existing scopes" instead of "it overwrites all the existing keys", didn't you?
Anyone coming here because of the 403: FORBIDDEN
error when creating a batch ID using the client.request
method should know that (as of 2021) you can set teh required permissions in the UI.
Mail Send > Scheduled Sends https://app.sendgrid.com/settings/api_keys
Access Forbidden
Can not get batch ID throw api, response code is 403. Due some investigation, we found this ticket: https://github.com/sendgrid/sendgrid-csharp/issues/185. However it was not helpfull, since we have only one account and we pretty sure we use admin account.
Steps to Reproduce
Technical details: