11

I'm using Mandrill to send emails from my Rails 3 application. In production, I use the API key I set up in their admin console. To prevent dev and test SNAFUs that might email all our users, I've put garbage keys in the development and test environment config and I only put the real key in the production config. Mandrill allows you to create multiple API keys. Does anyone know if there's a way to configure Mandrill such that an API call to send an email using the development or test key will fail unless a certain precondition is met (e.g. email domain matches mycompany.com)?

Chris B
  • 764
  • 1
  • 7
  • 19

4 Answers4

14

Mandril now have added test API keys. Read More on their site

Mark Amery
  • 143,130
  • 81
  • 406
  • 459
Alexandru R
  • 8,560
  • 16
  • 64
  • 98
11

Mandrill API keys all function the same and have full access for all API calls in the account. There's not currently a concept of a development, sandbox or test key, or scoping API keys. However, test mode/functionality is on the development roadmap. I don't currently have an ETA, but it's definitely something we're working on.

EDITED TO ADD: As of the time of this answer originally, this wasn't possible. Mandrill does now have a test mode.

Kaitlin
  • 6,167
  • 32
  • 30
  • 4
    I wanted to update and let you know that we've added a few new features that can help with testing and security. First, API keys can now be scoped to work only from certain IP addresses and/or to only be able to access certain API calls. The Rules Engine allows you to automatically reject emails that meet certain criteria, so if your testing environment all sends 'from' the same address, you could have those emails rejected instead of sent, if you'd like. We're still planning on other testing functionality, so feel free to drop us a line with feedback or ideas - help.mandrill.com – Kaitlin Jun 18 '13 at 10:51
  • @Kaitlin-Mandrill Can you tell me if it is possible to set-up Mandrill with Mailtrap? I would like to send emails and view them but not actually have them go to a real user. If that makes sense. – iQ. Sep 12 '14 at 16:42
  • @Kaitlin-Mandrill The thing about the test api key (test mode) is that emails aren't sent. A big part of our testing is receiving certain emails, clicking on a link and going through the per user workflow. Would be neat to be able to specify a list of allowed recipients for testing purposes within test mode. – The Muffin Man Oct 24 '14 at 15:49
  • 1
    @TheMuffinMan - your best bet in that case is to create a real API key, and then use the Rules Engine to allow that key to only send to certain addresses (such as on your domain). You could also use the Rules Engine to automatically tag emails with that API key so you can distinguish them from other/production emails. – Kaitlin Oct 28 '14 at 13:30
  • @Kaitlin-Mandrill Thanks for your reply. I guess the real problem is that we don't want our reputation to take a hit while we are sending test emails using a live api key. Our thoughts were to create two live Mandrill accounts and let one of them be our test account. If it takes some hits on reputation (bounces) then it wouldn't affect the production applications. – The Muffin Man Oct 28 '14 at 16:15
  • @TheMuffinMan - if you're using the original workflow you described, with needing to actually receive and click through on certain test emails, then it should be assumed that you're sending to existing addresses. As long as you're not sending to addresses you know are bad or marking the emails as spam, you should be fine. But if you know you're going to get bounces, that's a different type of test, and should be segregated from your workflow the requires receiving and clicking on emails. – Kaitlin Nov 03 '14 at 14:28
  • Dear god this comment was made over two years ago, this is a huge pain-point for us on Mandrill (not my choice)... sigh... – StrangeWill Dec 01 '15 at 17:33
  • Hi @Kaitlin-Mandrill, I know that you can't delete this obsolete answer of yours yourself since it's accepted, but you can Flag it and use an "Other" flag to ask the mods to delete it for you. Since it's obsolete and misleading for readers in 2015, I recommend that you do this to get it removed from the page. – Mark Amery Jan 06 '16 at 18:56
  • @MarkAmery - I've edited the answer to provide a link to the KB article for the current test mode functionality. – Kaitlin Jan 20 '16 at 14:02
  • It says on the page: "Free Mandrill accounts can generate up to 1,000 test emails..."... well that's not an awful lot, is it? What happens if I exceed that amount just by performance for testing? – fatuhoku Jan 21 '16 at 19:58
7

There are two possible approaches to creating a "development" API key in Mandrill, which serve different use cases:

  1. Create a Test Key. No emails sent using this key will actually be sent. This is the simplest approach, and appropriate if your testing flow doesn't require you to actually receive your test emails. (You can still see the content of the emails that would have been sent in the Outbound tab.)

  2. Create a live API key, and use the Rules Engine to make it so that emails sent with this key will be automatically rejected unless the recipient address matches some pattern. You should use this approach if your testing flow requires actually receiving the emails you send - for example, if you have an automated end-to-end test of your password reset functionality.

Approach 1: Using Test Mode

Test Mode was added to Mandrill in 2013. To use it, first create a Test Key from the API Keys subsection of the SMTP & API Info section of the Settings tab. The first key you create here will always be a live key, but if you click "New API Key" a second time, you will be able to choose to create a test key:

Screenshot showing the "Test Key" checkbox

Once you've done that, "send" some emails using the Test Key (the emails won't actually be sent) and click the Turn on test Mode option from the dropdown menu at the top-right of the screen:

Screenshot showing how to turn on Test Mode

While the admin panel is in Test Mode, if you go to the Outbound tab you will be able to see emails you've asked Mandrill to send with your test API key, as if they had really been sent.

Approach 2: Using the Rules Engine

First, create a new live API key from the API Keys subsection of the SMTP & API Info section of the Settings tab. You must give the key a Description, or you will not be able to refer to it from the Rules Engine.

Next, go to the Rules section of the Outbound tab and click "Add Rule":

Image showing 'outbound', 'rules' and 'add rule'

From the Rules interface, set up a rule that will reject emails if the API key is your test key and the recipient's email matches some pattern of your choosing. The pattern could be a single email address like testbot@yourdomain.com, or it could be an entire domain, like *@yourdomain.com.

Example rules

In case you want to craft your own, complicated pattern, note that per the docs, Mandrill uses Python's fnmatch module to match your patterns against email addresses (which uses glob syntax, which you may be familiar with from your shell if you use Unix).

Emails you send using this key to domains matching your pattern will really be sent and show up in the live Outbound tab. Ones that don't match the pattern will not be sent and will show up as "rejected" in the live Outbound tab.

Mark Amery
  • 143,130
  • 81
  • 406
  • 459
0

We like to see the emails go out even in test/dev so that we can see things work end-to-end. To prevent issues with customers getting a test email, we configure an initializer (Ruby on Rails) that will substitute the recipient if not production. Don't leave the check up to individual Mailer implementations - someone will forget. 

MandrillMailer.configure do |config|
  config.api_key = ENV['MANDRILL_API_KEY']

  # Set recipients to test@ourdomain.com if we're not in production
  if !Rails.env.production?
    config.interceptor = Proc.new do |params|
       params[:to] = [{ email: "test@ourdomain.com", name: "Test", type: "to" }]
    end
  end

end
Dave T
  • 211
  • 3
  • 3