SendGrid Invite Teammate via API 3.0

383 views Asked by At

I'm trying to invite users to my SendGrid subscription via API. To do so, I've created a FULL ACCESS key.

If I try to create a user with the TeamMates api ( https://sendgrid.com/docs/API_Reference/Web_API_v3/teammates.html ) I receive a "forbidden" response.

If I ask the system about my key:

GET https://api.sendgrid.com/v3/api_keys/[KEY_ID]

I get a list of permissions:

{
"api_key_id": "__ID__",
"name": "__NAME__",
"scopes": [
    "alerts.create",
    "alerts.read",
    "alerts.update",
    "alerts.delete",
    "asm.groups.create",
    "asm.groups.read",
    "asm.groups.update",
    "asm.groups.delete",
    "ips.pools.ips.read",
    "mail.send",
    "mail_settings.bcc.read",
    "mail_settings.bcc.update",
    "mail_settings.address_whitelist.read",
    "mail_settings.address_whitelist.update",
    "mail_settings.footer.read",
    "mail_settings.footer.update",
    "mail_settings.forward_spam.read",
    "mail_settings.forward_spam.update",
    "mail_settings.plain_content.read",
    "mail_settings.plain_content.update",
    "mail_settings.spam_check.read",
    "mail_settings.spam_check.update",
    "mail_settings.bounce_purge.read",
    "mail_settings.bounce_purge.update",
    "mail_settings.forward_bounce.read",
    "mail_settings.forward_bounce.update",
    "partner_settings.new_relic.read",
    "partner_settings.new_relic.update",
    "partner_settings.sendwithus.read",
    "partner_settings.sendwithus.update",
    "tracking_settings.click.read",
    "tracking_settings.click.update",
    "tracking_settings.subscription.read",
    "tracking_settings.subscription.update",
    "tracking_settings.open.read",
    "tracking_settings.open.update",
    "tracking_settings.google_analytics.read",
    "tracking_settings.google_analytics.update",
    "user.webhooks.event.settings.read",
    "user.webhooks.event.settings.update",
    "user.webhooks.event.test.create",
    "user.webhooks.event.test.read",
    "user.webhooks.event.test.update",
    "user.webhooks.parse.settings.create",
    "user.webhooks.parse.settings.read",
    "user.webhooks.parse.settings.update",
    "user.webhooks.parse.settings.delete",
    "stats.read",
    "stats.global.read",
    "categories.stats.read",
    "categories.stats.sums.read",
    "devices.stats.read",
    "clients.stats.read",
    "clients.phone.stats.read",
    "clients.tablet.stats.read",
    "clients.webmail.stats.read",
    "clients.desktop.stats.read",
    "geo.stats.read",
    "mailbox_providers.stats.read",
    "browsers.stats.read",
    "user.webhooks.parse.stats.read",
    "templates.create",
    "templates.read",
    "templates.update",
    "templates.delete",
    "templates.versions.create",
    "templates.versions.read",
    "templates.versions.update",
    "templates.versions.delete",
    "templates.versions.activate.create",
    "user.timezone.read",
    "user.timezone.update",
    "user.settings.enforced_tls.read",
    "user.settings.enforced_tls.update",
    "api_keys.create",
    "api_keys.read",
    "api_keys.update",
    "api_keys.delete",
    "email_activity.read",
    "categories.create",
    "categories.read",
    "categories.update",
    "categories.delete",
    "mail_settings.template.read",
    "mail_settings.template.update",
    "marketing_campaigns.create",
    "marketing_campaigns.read",
    "marketing_campaigns.update",
    "marketing_campaigns.delete",
    "mail.batch.create",
    "mail.batch.read",
    "mail.batch.update",
    "mail.batch.delete",
    "user.scheduled_sends.create",
    "user.scheduled_sends.read",
    "user.scheduled_sends.update",
    "user.scheduled_sends.delete",
    "access_settings.whitelist.create",
    "access_settings.whitelist.read",
    "access_settings.whitelist.update",
    "access_settings.whitelist.delete",
    "access_settings.activity.read",
    "whitelabel.create",
    "whitelabel.read",
    "whitelabel.update",
    "whitelabel.delete",
    "suppression.create",
    "suppression.read",
    "suppression.update",
    "suppression.delete"
]

}

But there is no "user-related" permissions. For this reason I tried to "change" my Key permission like:

{
"name": "__NAME__",
"scopes": [
    "alerts.create",
    "alerts.read",
    "alerts.update",
    "alerts.delete",
    "asm.groups.create",
    "asm.groups.read",
    "asm.groups.update",
    "asm.groups.delete",
    "ips.pools.ips.read",
    "mail.send",
    "mail_settings.bcc.read",
    "mail_settings.bcc.update",
    "mail_settings.address_whitelist.read",
    "mail_settings.address_whitelist.update",
    "mail_settings.footer.read",
    "mail_settings.footer.update",
    "mail_settings.forward_spam.read",
    "mail_settings.forward_spam.update",
    "mail_settings.plain_content.read",
    "mail_settings.plain_content.update",
    "mail_settings.spam_check.read",
    "mail_settings.spam_check.update",
    "mail_settings.bounce_purge.read",
    "mail_settings.bounce_purge.update",
    "mail_settings.forward_bounce.read",
    "mail_settings.forward_bounce.update",
    "partner_settings.new_relic.read",
    "partner_settings.new_relic.update",
    "partner_settings.sendwithus.read",
    "partner_settings.sendwithus.update",
    "tracking_settings.click.read",
    "tracking_settings.click.update",
    "tracking_settings.subscription.read",
    "tracking_settings.subscription.update",
    "tracking_settings.open.read",
    "tracking_settings.open.update",
    "tracking_settings.google_analytics.read",
    "tracking_settings.google_analytics.update",
    "user.webhooks.event.settings.read",
    "user.webhooks.event.settings.update",
    "user.webhooks.event.test.create",
    "user.webhooks.event.test.read",
    "user.webhooks.event.test.update",
    "user.webhooks.parse.settings.create",
    "user.webhooks.parse.settings.read",
    "user.webhooks.parse.settings.update",
    "user.webhooks.parse.settings.delete",
    "stats.read",
    "stats.global.read",
    "categories.stats.read",
    "categories.stats.sums.read",
    "devices.stats.read",
    "clients.stats.read",
    "clients.phone.stats.read",
    "clients.tablet.stats.read",
    "clients.webmail.stats.read",
    "clients.desktop.stats.read",
    "geo.stats.read",
    "mailbox_providers.stats.read",
    "browsers.stats.read",
    "user.webhooks.parse.stats.read",
    "templates.create",
    "templates.read",
    "templates.update",
    "templates.delete",
    "templates.versions.create",
    "templates.versions.read",
    "templates.versions.update",
    "templates.versions.delete",
    "templates.versions.activate.create",
    "user.timezone.read",
    "user.timezone.update",
    "user.settings.enforced_tls.read",
    "user.settings.enforced_tls.update",
    "api_keys.create",
    "api_keys.read",
    "api_keys.update",
    "api_keys.delete",
    "email_activity.read",
    "categories.create",
    "categories.read",
    "categories.update",
    "categories.delete",
    "mail_settings.template.read",
    "mail_settings.template.update",
    "marketing_campaigns.create",
    "marketing_campaigns.read",
    "marketing_campaigns.update",
    "marketing_campaigns.delete",
    "mail.batch.create",
    "mail.batch.read",
    "mail.batch.update",
    "mail.batch.delete",
    "user.scheduled_sends.create",
    "user.scheduled_sends.read",
    "user.scheduled_sends.update",
    "user.scheduled_sends.delete",
    "access_settings.whitelist.create",
    "access_settings.whitelist.read",
    "access_settings.whitelist.update",
    "access_settings.whitelist.delete",
    "access_settings.activity.read",
    "whitelabel.create",
    "whitelabel.read",
    "whitelabel.update",
    "whitelabel.delete",
    "suppression.create",
    "suppression.read",
    "suppression.update",
    "suppression.delete",
    "user.account.read",
      "user.credits.read",
      "user.email.create",
      "user.email.delete",
      "user.email.read",
      "user.email.update"
]
}

But I had no luck:

{
"errors": [
    {
        "field": null,
        "message": "unauthorized scopes: [user.account.read user.credits.read user.email.create user.email.delete user.email.read user.email.update]"
    }
]
}

Is there any way to INVITE with API KEY some users to SendGrid? Is something I'm doing wrong or related to my plan?

Thanks

1

There are 1 answers

0
Ziba Leah On BEST ANSWER

The response was in the docs, summarizing:

You must creating superpower API KEY with Username + Password and then use them.

From: https://sendgrid.com/docs/Classroom/Basics/API/api_key_permissions.html

"Important things to know before making the above API request:

  1. You will need to authenticate the above request with your parent account’s username and password because your API key will not have the required API key permissions. There are two ways to authenticate using your username and password:

You can add basic authorization to your API call yourself by base64 encoding your username and password like this: username:password and adding it to your Authorization header as Basic. We go into a little more detail on this here. Or you can use a rest client like Postman or Paw, where you can select to Authenticate with basic auth (your SendGrid parent account username and password) then update the request to add your parent account credentials encoded into the headers. We only recommend authenticating with your username and password when updating your API Key permissions. All other API calls should be authenticated via your API Key.

  1. Make sure that when you make the request, you add all of the scopes you want the API key to have. For example, if you make the request and just list “categories.read” as the scopes, you will then have a key with only the “categories.read” scope. Make sure to list everything you get from the get existing key request in addition to the new scopes you want to add.