I'm trying to invite users to my SendGrid subscription via API. To do so, I've created a FULL ACCESS key.
If I try to create a user with the TeamMates api ( https://sendgrid.com/docs/API_Reference/Web_API_v3/teammates.html ) I receive a "forbidden" response.
If I ask the system about my key:
GET https://api.sendgrid.com/v3/api_keys/[KEY_ID]
I get a list of permissions:
{
"api_key_id": "__ID__",
"name": "__NAME__",
"scopes": [
"alerts.create",
"alerts.read",
"alerts.update",
"alerts.delete",
"asm.groups.create",
"asm.groups.read",
"asm.groups.update",
"asm.groups.delete",
"ips.pools.ips.read",
"mail.send",
"mail_settings.bcc.read",
"mail_settings.bcc.update",
"mail_settings.address_whitelist.read",
"mail_settings.address_whitelist.update",
"mail_settings.footer.read",
"mail_settings.footer.update",
"mail_settings.forward_spam.read",
"mail_settings.forward_spam.update",
"mail_settings.plain_content.read",
"mail_settings.plain_content.update",
"mail_settings.spam_check.read",
"mail_settings.spam_check.update",
"mail_settings.bounce_purge.read",
"mail_settings.bounce_purge.update",
"mail_settings.forward_bounce.read",
"mail_settings.forward_bounce.update",
"partner_settings.new_relic.read",
"partner_settings.new_relic.update",
"partner_settings.sendwithus.read",
"partner_settings.sendwithus.update",
"tracking_settings.click.read",
"tracking_settings.click.update",
"tracking_settings.subscription.read",
"tracking_settings.subscription.update",
"tracking_settings.open.read",
"tracking_settings.open.update",
"tracking_settings.google_analytics.read",
"tracking_settings.google_analytics.update",
"user.webhooks.event.settings.read",
"user.webhooks.event.settings.update",
"user.webhooks.event.test.create",
"user.webhooks.event.test.read",
"user.webhooks.event.test.update",
"user.webhooks.parse.settings.create",
"user.webhooks.parse.settings.read",
"user.webhooks.parse.settings.update",
"user.webhooks.parse.settings.delete",
"stats.read",
"stats.global.read",
"categories.stats.read",
"categories.stats.sums.read",
"devices.stats.read",
"clients.stats.read",
"clients.phone.stats.read",
"clients.tablet.stats.read",
"clients.webmail.stats.read",
"clients.desktop.stats.read",
"geo.stats.read",
"mailbox_providers.stats.read",
"browsers.stats.read",
"user.webhooks.parse.stats.read",
"templates.create",
"templates.read",
"templates.update",
"templates.delete",
"templates.versions.create",
"templates.versions.read",
"templates.versions.update",
"templates.versions.delete",
"templates.versions.activate.create",
"user.timezone.read",
"user.timezone.update",
"user.settings.enforced_tls.read",
"user.settings.enforced_tls.update",
"api_keys.create",
"api_keys.read",
"api_keys.update",
"api_keys.delete",
"email_activity.read",
"categories.create",
"categories.read",
"categories.update",
"categories.delete",
"mail_settings.template.read",
"mail_settings.template.update",
"marketing_campaigns.create",
"marketing_campaigns.read",
"marketing_campaigns.update",
"marketing_campaigns.delete",
"mail.batch.create",
"mail.batch.read",
"mail.batch.update",
"mail.batch.delete",
"user.scheduled_sends.create",
"user.scheduled_sends.read",
"user.scheduled_sends.update",
"user.scheduled_sends.delete",
"access_settings.whitelist.create",
"access_settings.whitelist.read",
"access_settings.whitelist.update",
"access_settings.whitelist.delete",
"access_settings.activity.read",
"whitelabel.create",
"whitelabel.read",
"whitelabel.update",
"whitelabel.delete",
"suppression.create",
"suppression.read",
"suppression.update",
"suppression.delete"
]
}
But there is no "user-related" permissions. For this reason I tried to "change" my Key permission like:
{
"name": "__NAME__",
"scopes": [
"alerts.create",
"alerts.read",
"alerts.update",
"alerts.delete",
"asm.groups.create",
"asm.groups.read",
"asm.groups.update",
"asm.groups.delete",
"ips.pools.ips.read",
"mail.send",
"mail_settings.bcc.read",
"mail_settings.bcc.update",
"mail_settings.address_whitelist.read",
"mail_settings.address_whitelist.update",
"mail_settings.footer.read",
"mail_settings.footer.update",
"mail_settings.forward_spam.read",
"mail_settings.forward_spam.update",
"mail_settings.plain_content.read",
"mail_settings.plain_content.update",
"mail_settings.spam_check.read",
"mail_settings.spam_check.update",
"mail_settings.bounce_purge.read",
"mail_settings.bounce_purge.update",
"mail_settings.forward_bounce.read",
"mail_settings.forward_bounce.update",
"partner_settings.new_relic.read",
"partner_settings.new_relic.update",
"partner_settings.sendwithus.read",
"partner_settings.sendwithus.update",
"tracking_settings.click.read",
"tracking_settings.click.update",
"tracking_settings.subscription.read",
"tracking_settings.subscription.update",
"tracking_settings.open.read",
"tracking_settings.open.update",
"tracking_settings.google_analytics.read",
"tracking_settings.google_analytics.update",
"user.webhooks.event.settings.read",
"user.webhooks.event.settings.update",
"user.webhooks.event.test.create",
"user.webhooks.event.test.read",
"user.webhooks.event.test.update",
"user.webhooks.parse.settings.create",
"user.webhooks.parse.settings.read",
"user.webhooks.parse.settings.update",
"user.webhooks.parse.settings.delete",
"stats.read",
"stats.global.read",
"categories.stats.read",
"categories.stats.sums.read",
"devices.stats.read",
"clients.stats.read",
"clients.phone.stats.read",
"clients.tablet.stats.read",
"clients.webmail.stats.read",
"clients.desktop.stats.read",
"geo.stats.read",
"mailbox_providers.stats.read",
"browsers.stats.read",
"user.webhooks.parse.stats.read",
"templates.create",
"templates.read",
"templates.update",
"templates.delete",
"templates.versions.create",
"templates.versions.read",
"templates.versions.update",
"templates.versions.delete",
"templates.versions.activate.create",
"user.timezone.read",
"user.timezone.update",
"user.settings.enforced_tls.read",
"user.settings.enforced_tls.update",
"api_keys.create",
"api_keys.read",
"api_keys.update",
"api_keys.delete",
"email_activity.read",
"categories.create",
"categories.read",
"categories.update",
"categories.delete",
"mail_settings.template.read",
"mail_settings.template.update",
"marketing_campaigns.create",
"marketing_campaigns.read",
"marketing_campaigns.update",
"marketing_campaigns.delete",
"mail.batch.create",
"mail.batch.read",
"mail.batch.update",
"mail.batch.delete",
"user.scheduled_sends.create",
"user.scheduled_sends.read",
"user.scheduled_sends.update",
"user.scheduled_sends.delete",
"access_settings.whitelist.create",
"access_settings.whitelist.read",
"access_settings.whitelist.update",
"access_settings.whitelist.delete",
"access_settings.activity.read",
"whitelabel.create",
"whitelabel.read",
"whitelabel.update",
"whitelabel.delete",
"suppression.create",
"suppression.read",
"suppression.update",
"suppression.delete",
"user.account.read",
"user.credits.read",
"user.email.create",
"user.email.delete",
"user.email.read",
"user.email.update"
]
}
But I had no luck:
{
"errors": [
{
"field": null,
"message": "unauthorized scopes: [user.account.read user.credits.read user.email.create user.email.delete user.email.read user.email.update]"
}
]
}
Is there any way to INVITE with API KEY some users to SendGrid? Is something I'm doing wrong or related to my plan?
Thanks
The response was in the docs, summarizing:
You must creating superpower API KEY with Username + Password and then use them.
From: https://sendgrid.com/docs/Classroom/Basics/API/api_key_permissions.html
"Important things to know before making the above API request:
You can add basic authorization to your API call yourself by base64 encoding your username and password like this: username:password and adding it to your Authorization header as Basic. We go into a little more detail on this here. Or you can use a rest client like Postman or Paw, where you can select to Authenticate with basic auth (your SendGrid parent account username and password) then update the request to add your parent account credentials encoded into the headers. We only recommend authenticating with your username and password when updating your API Key permissions. All other API calls should be authenticated via your API Key.