Use API Key in Meteor:Email

hluz · December 1, 2020, 10:09pm

Works for me with something like this as the MAIL_URL:

smtps:apikey:thisiswherethelongapikeygoes@smtp.sendgrid.net:465?tls.rejectUnauthorized=false&ignoreTLS=false&requireTLS=true&logger=false&debug=false

sarojmoh1 · December 2, 2020, 2:46pm

Oh man, this worked, thanks so much!

The url I was using before did not include the params and I got Error: Invalid login: 535 Authentication failed: Bad username / password.

Nothing in the SendGrid Docs said anything about the params. How did you know to include them and are there any security repercussions to this? I’m using smtp and not smtps btw.

sarojmoh1 · December 2, 2020, 5:25pm

Haha, after all that, SendGrid postponed their due date to use API keys another month. I’m sure they got some complaints and maybe other users had same issue I did. I think it was crazy they alerted their clients of this just 30 days before.

hluz · December 2, 2020, 8:43pm

See https://nodemailer.com/smtp/

sarojmoh1 · December 2, 2020, 9:10pm

I still think it’s weird that I got a 535 error from them rather than something related to security.

peterfkruger · December 3, 2020, 10:44am

You are right, and that seems to be such a trivial error that one would expect to be responded with a proper error code and message.

All in all this is bad news. I’m with sendinblue, sendgrid’s competitor, and their API is a mess, and we have had lots of problems with their whole setup until we managed to figure out their peculiarities one by one. I kind of hope(d) that one day I could drop them for good in favour of sendgrid, but this incident doesn’t give me full confidence in the latter either.

sarojmoh1 · December 3, 2020, 2:12pm

When I saw 535, naturally, I assumed that using smtp url was not gonna work anymore and then thought I had to solution things programmatically. Several dev hours later, I find I can still resolve things by just changing an Env var. It is what it is and I’m glad it took me down a path to learn a little bit more about Fibers, wrapAsync, and converting Promises to CBs, but shame that company who boasts about being #1 email provider would do this to clients. But, then again, I’m not sure what they’re dealing with. Looks like they were recently acquired by Twilio. My guess some higher-up, said “WHOA! you’re still using username/password auth…fix now!”

Regarding other alternatives…never heard of Sendblue. Was thinking of using Outlook 365…or at this point just using own IMAP or SMTP server

Apologies for slight rant. Shouldn’t complain much as I realized we’re not actually paying for them. Free account does what we need in terms of Email limit