Sendgrid API Authentication Needed ASAP


Our servers run on the Google Cloud and per Google's recommendation, we set up Sendgrid for all outbound emails several years ago. Unfortunately, we received the following email today from Sendgrid:

We are emailing to inform you of an upcoming requirement to update your authentication method with Twilio SendGrid to API keys exclusively by December 9th, 2020 in order to ensure uninterrupted service and improve the security of your account. Our records show that you have used basic authentication with username and password for one or more of your API requests.

Why API keys?
This is an effort to enhance security for all of our users. Using your account username and password for authentication is less secure than using an API Key. Unlike your username and password, API Keys are uniquely generated and can be set to limit the access and specify permissions for a given request.

What action is required?
Follow these steps to identify and replace your authentication method to API Keys and then implement Two-Factor Authentication (2FA) for enhanced security.

What happens if no action is taken?
On December 9th, 2020 we will no longer accept basic authentication with username and password, and we will be requiring 2FA to login to your account. If you attempt to authenticate your API requests or SMTP configuration with username and password for any of your users after that date, your requests will be rejected.

Based upon the above mandate, I am requesting that API key authentication be added to the SMTP email options for Xenforo.

Please advise.
Upvote 0


You can delete this thread. After digging into the docs, it appears they aren't requiring anything special from our side. The username and password setup for SMTP is still used but the difference is that they are requiring apikey as the username and then whatever the actual key is for the password.

My bad on that one.