Exposed API Key Deletion

Why was my API key deleted?

If you received an email from SendGrid, subject Action Required - Twilio SendGrid API Credentials Found Exposed, your API key was detected to be publicly posted on GitHub.

SendGrid may automatically delete your exposed API key in an effort to protect your account. Exposed API keys can be used to send malicious email, access personal information, acquire the information of your recipients, and overall pose a great risk to the security of your account.

For how long was my API key exposed?

Our systems constantly monitor for API key exposure and take action within moments of exposure detection.

What happens to API requests using the deleted key?

API requests using a deleted key will fail with a 401 Unauthorized error.

What action is required?

If you have an application utilizing the now deleted API key, you must update that application to use a new API key.

How do I make a new API key?

If you presently have zero API keys, use the SendGrid App to create your first key.

If you still have an active key with sufficient permissions, you can reference instructions on how to use the API to create a new Twilio SendGrid API key here.

How do I keep my API key private on GitHub?

You can reference instructions on how to make your GitHub repository private here.

How can I get more help?

If you are observing unexpected behavior or need further assistance, please contact Support.

Have more questions? Submit a request