Wrong credentials in sending mail using sendgrid

Question

This is the code for sending email using sendgrid i have correct api key still the browser displays error as

HTTP/1.1 401 Unauthorized Server: nginx Date: Thu, 14 Jul 2016 08:14:32 GMT Content-Type: application/json Content-Length: 88 Connection: keep-alive {"errors":[{"message":"Permission denied, wrong credentials","field":null,"help":null}]}

 <?php
    require '/sendgrid-php/vendor/autoload.php';
    if(require("sendgrid-php/vendor/autoload.php"))
        {echo "path found";}

    sendemail('kanwararyan2@gmail.com','SEndgrid','kanwararyan1@gmail.com','HI');
    function sendemail($f,$s,$t,$m){

    $from = new SendGrid\Email(null, $f);
    $subject = $s;
    $to = new SendGrid\Email(null, $t);
    $content = new SendGrid\Content("text/plain", $m);
    $mail = new SendGrid\Mail($from, $subject, $to, $content);

    $apiKey = getenv('Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
    $sg = new \SendGrid($apiKey);

    $response = $sg->client->mail()->send()->post($mail);
    echo $response->statusCode();
    echo $response->headers();
    echo $response->body();
}
?>

Answer 1

Looks like you didn't set the environment variable with the api key that you're trying to use with:

$apiKey = getenv(...);

Please check documentation here as it looks like you're using the example code.

Just for a test you can use:

$apiKey = 'add here your api key';

replacing the usage of getenv. It should work. Then you can set the api key in a config file or as env variable (depending on your application) in order to not hardcode it into the script.

Answer 2

I had the exact same issue, removing the getenv() and hard coding the API key in resolved the problem.

Why SendGrid decided it was a good idea to include it in the sample code on their website; without pointing out that you need to do more than just use the sample code I'm not sure.

Just a little "NOTE: You also need to set the environment variables in X location", would have sufficed.

Anyway, all up and running now... thank you!

Answer 3

Apparently, the documentation is not as clear as is should be.

Short Answer:

I had this same exact issue. Here's the answer I got, and I was actually able to implement code as displayed in the documentation. Basically you need to use a third party utility that parses .env files and makes the data available to your PHP runtime.

From the utility's documentation, I learned environment variables are usually for development purposes only and that production code usually has real data (the secrets) hard coded. The whole .env file (in this case sendgrid.env and getenv('YOUR_API_KEY') is so you don't need to necessarily share crucial data when sharing code such as on Github, hence the addition of the .env file to .gitignore. Read the original answer for a full back story and how to get getenv() working!

Blows my mind why they wouldn't include such crucial data in the readme.md but its pretty messed up and a lot of people have been stuck. Maybe I'll submit a issue when I get time, but no promises.

Check out dotenv's .readme for lots of clarity! :D

Long Answer:

If you're not sharing code (i.e. this is your personal project or your client doesn't care about sharing secrets), you don't need to set environment variables. Remove the getenv lines from your code and hard code your key.

However, if you're collaborating then, ideally, you should figure out a way to not include sensitive information in the code you share. In Sendgrid's example, they use PHP's getenv function to retrieve sensitive data but don't really show how to store that data so that it is available in your PHP runtime. Apart from mini hints such as adding the sendgrid.env file to .gitignore (telling you that the sendgrid.env file won't be uploaded to a git repository), there is much information on how to make the contents of sendgrid.env (which is storing your api_key available to your PHP runtime. Hence, everytime you run your code, PHP wont actually be able to see your key.

However, a deeper search into their git repository and you see a more detailed example where they use a PHP utility dotenv whose entire purpose is to crawl .env files and allow PHP to parse information from those files.

Therefore, to get getenv('YOUR_API_KEY')) to work you'll need to either use the dotenv utility or, as I was told by SendGrid's community manager, "figure out on my own how to store environment variables securely and make them available to the PHP environment".

Answer 4

For those who are still struggling with this, you can remove then env() function from wrapping your key.

$apiKey = ''

This will be ok in development, but for production refer to this section on the send grid documentation:

Setup Environment Variables

Update the development environment with your SENDGRID_API_KEY, for example:

echo "export SENDGRID_API_KEY='YOUR_API_KEY'" > sendgrid.env
echo "sendgrid.env" >> .gitignore
source ./sendgrid.env

Answer 5

$sendgrid = new \SendGrid(getenv('SENDGRID_API_KEY'));

In latest https://github.com/sendgrid/sendgrid-php/releases code base using following resolved the issue

$sendgrid = new \SendGrid('SENDGRID_API_KEY');

i.e remove getenv()

Answer 6

For me after you create the API in SendGrid, they display the API TOKEN and let you know that they are only showing it once for security reasons and to save it some place safe. This API TOKEN is quite different from the API KEY in which the sample code suggests you use. This is what I needed to use in the $apiKey variable without the getenv(..). I hope that helps someone else get to it faster...

Answer 7

If you are using dotenv in PHP, the Sendgrid APIKEY must be listed in the file .env (not sendgrid.env, that's a different file). Dotenv parses the content of the environment variables set there using the expression:

$_ENV["SENDGRID_API_KEY"]

if the .env contains such a variable defined as follows:

SENDGRID_API_KEY = "SG.XXXXXXXXXXXXXXXXXXX"

It worked for me, without creating file sendgrid.env or running source command on it, as the documentation requests.