Last spring, SendGrid introduced API keys to permit our customers to use keys instead of username/password combinations to send mail through our system programmatically. This offering now helps thousands of SendGrid customers to send more securely.
Today, we are happy to announce that we’ve taken additional steps to make your account even more secure. API key permissions are now available within the SendGrid platform.
With API key permissions, SendGrid customers can give each API key different permissions within your SendGrid account. API keys help protect the sensitive areas of your SendGrid account (e.g. contacts and account settings). They limit damage that may be done both inadvertently or maliciously.
For example, you could create an API key that limits access to your SendGrid statistics and email activity dashboards only. So, if the worst happens and your key falls into the wrong hands, the malicious sender couldn’t access any part of your account beyond those dashboards.
For SendGrid customers who have not yet transitioned from the username/password to API keys for mail sending, we encourage that you migrate as soon as possible. It’s a worthwhile change that can prevent problems down the road. Set up your API keys!