Sendgrid 使用 API 密钥进行身份验证
Sendgrid Authenticate with API Keys
我从 SentGrid 收到了以下邮件,
We are emailing to inform you of an upcoming requirement to update your authentication method with Twilio SendGrid to API keys exclusively by December 9th, 2020 in order to ensure uninterrupted service and improve the security of your account. Our records show that you have used basic authentication with username and password for one or more of your API requests with 1 users of your SendGrid account in the last 180 days.
Why API keys?
This is an effort to enhance security for all of our users. Using your account username and password for authentication is less secure than using an API Key. Unlike your username and password, API Keys are uniquely generated and can be set to limit the access and specify permissions for a given request.
What action is required?
Follow these steps to identify and replace your authentication method to API Keys and then implement Two-Factor Authentication (2FA) for enhanced security.
What happens if no action is taken?
On December 9th, 2020 we will no longer accept basic authentication with username and password, and we will be requiring 2FA to login to your account. If you attempt to authenticate your API requests or SMTP configuration with username and password for any of your users after that date, your requests will be rejected.
We’d like to thank you in advance for your prompt attention to these requirements. If you’d like to learn more about how you can enhance the security of your account, view this post. If you have any questions or need assistance, please visit our documentation or reach out to our Support team.
Thank you,
The Twilio SendGrid Team
目前我正在使用以下凭据向 sendgrid 发送邮件,
EMAIL_HOST = 'smtp.sendgrid.net'
EMAIL_USE_TLS = False
EMAIL_PORT = 587
EMAIL_HOST_USER = 'xx@gmail.com'
EMAIL_HOST_PASSWORD = 'xxx'''
Is this change affect me?
是的,可能。使用 API 密钥而不是使用用户名和密码。
是的,一旦他们强制执行双因素身份验证 (2FA),您的应用程序将无法仅使用 username/email 和密码进行基本身份验证。
因此,您需要开始使用 API 键。
迁移很简单:
- 登录sendgrid账户
- 转到 https://app.sendgrid.com/settings/api_keys
- “生成 API 密钥”- 生成一个新的 API 密钥并复制粘贴以供稍后使用
- 代码更改:
- EMAIL_HOST_USER = 'apikey'(用户名只能这样)
- EMAIL_HOST_PASSWORD = 'YOUR_API_KEY'
- 测试一下
如果更改有效,您就可以开始了,并且已经从基本身份验证迁移到 API 密钥。
一开始我觉得这很混乱,所以我想写下它是如何工作的,以防它对其他人有帮助。
当使用简单的 username/password 时,您的应用程序可能会将它们作为环境变量存储在代码中的某处。 Here 是 rails 如何使用这些环境变量的示例,但每个应用程序都会有所不同 - 找到它们。
您可以覆盖这两个现有环境变量的值,但我更喜欢创建两个新环境变量,并在整个应用程序中用新变量替换现有变量的所有引用。
我给两个新的命名:SENDGRID_API_USERNAME 和 SENDGRID_API_KEY
SENDGRID_API_USERNAME 将永远是 'apikey'(一个简单的字符串)SENDGRID_API_KEY 可以制作成 here,看起来像这样 SG.ngeJheYFYQlKU0ufo8x5d1A.TwL2iGABfnBvoTf-09kqeF8tAmbihYzrnopKc-1s5cr
只需使用您的 sengrid_api_key 作为密码,使用字符串 'apikey' 作为用户名
我从 SentGrid 收到了以下邮件,
We are emailing to inform you of an upcoming requirement to update your authentication method with Twilio SendGrid to API keys exclusively by December 9th, 2020 in order to ensure uninterrupted service and improve the security of your account. Our records show that you have used basic authentication with username and password for one or more of your API requests with 1 users of your SendGrid account in the last 180 days.
Why API keys?
This is an effort to enhance security for all of our users. Using your account username and password for authentication is less secure than using an API Key. Unlike your username and password, API Keys are uniquely generated and can be set to limit the access and specify permissions for a given request.
What action is required?
Follow these steps to identify and replace your authentication method to API Keys and then implement Two-Factor Authentication (2FA) for enhanced security. What happens if no action is taken? On December 9th, 2020 we will no longer accept basic authentication with username and password, and we will be requiring 2FA to login to your account. If you attempt to authenticate your API requests or SMTP configuration with username and password for any of your users after that date, your requests will be rejected. We’d like to thank you in advance for your prompt attention to these requirements. If you’d like to learn more about how you can enhance the security of your account, view this post. If you have any questions or need assistance, please visit our documentation or reach out to our Support team. Thank you, The Twilio SendGrid Team
目前我正在使用以下凭据向 sendgrid 发送邮件,
EMAIL_HOST = 'smtp.sendgrid.net'
EMAIL_USE_TLS = False
EMAIL_PORT = 587
EMAIL_HOST_USER = 'xx@gmail.com'
EMAIL_HOST_PASSWORD = 'xxx'''
Is this change affect me?
是的,可能。使用 API 密钥而不是使用用户名和密码。
是的,一旦他们强制执行双因素身份验证 (2FA),您的应用程序将无法仅使用 username/email 和密码进行基本身份验证。
因此,您需要开始使用 API 键。
迁移很简单:
- 登录sendgrid账户
- 转到 https://app.sendgrid.com/settings/api_keys
- “生成 API 密钥”- 生成一个新的 API 密钥并复制粘贴以供稍后使用
- 代码更改:
- EMAIL_HOST_USER = 'apikey'(用户名只能这样)
- EMAIL_HOST_PASSWORD = 'YOUR_API_KEY'
- 测试一下
如果更改有效,您就可以开始了,并且已经从基本身份验证迁移到 API 密钥。
一开始我觉得这很混乱,所以我想写下它是如何工作的,以防它对其他人有帮助。
当使用简单的 username/password 时,您的应用程序可能会将它们作为环境变量存储在代码中的某处。 Here 是 rails 如何使用这些环境变量的示例,但每个应用程序都会有所不同 - 找到它们。
您可以覆盖这两个现有环境变量的值,但我更喜欢创建两个新环境变量,并在整个应用程序中用新变量替换现有变量的所有引用。
我给两个新的命名:SENDGRID_API_USERNAME 和 SENDGRID_API_KEY
SENDGRID_API_USERNAME将永远是 'apikey'(一个简单的字符串)SENDGRID_API_KEY可以制作成 here,看起来像这样SG.ngeJheYFYQlKU0ufo8x5d1A.TwL2iGABfnBvoTf-09kqeF8tAmbihYzrnopKc-1s5cr
只需使用您的 sengrid_api_key 作为密码,使用字符串 'apikey' 作为用户名