SendGrid Key
Description
General
- Documentation: https://sendgrid.com/docs/API_Reference/index.html
- Summary: SendGrid is a communication platform for transactional and marketing emails. It offers a REST API to programmatically send emails and perform all sort of actions with a SendGrid account. Leaking a SendGrid API key can result in malicious individuals sending emails in the name of the concerned organization.
- IPs allowlist: IP allowlisting can be set in the web application under Settings in the IP Access Management tab. This documentation provides more thorough details on the process.
- Scopes: There are three types of API keys, these are described in the Type of API keys page of the documentation.
Revoke the secret
This can be done on the SendGrid dashboard. More information can be found in the documentation.
Check for suspicious activity
SendGrid keeps security logs during one year as mentioned here. Recent access attempts are also displayed in the web application under Settings in the IP Access Management tab. This documentation page gives more details.
Details for SendGrid Key
-
Family: token
-
Category: messaging_system
-
Company: SendGrid
-
High recall: True
-
Validity check available: False
-
Analyzer available: True
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 20.78
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- sg\.
Examples
- text: 'email.config.server.password=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'
apikey: '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'
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 1
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /v3/scopes
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.
