SendGrid SMTP Setup: API Key Authentication Step-by-Step (2026)
100 emails/day free forever. API key, not password. Username = 'apikey'.
TL;DR
- check_circleSendGrid SMTP: smtp.sendgrid.net — port 587 (STARTTLS), 25, 2525, or 465 (SSL/TLS).
- check_circleUsername is the literal string 'apikey' — NOT your email or account name.
- check_circlePassword is your API Key, which starts with the prefix "SG." — copy it once at creation, it's never shown again.
- check_circleFree tier: 100 emails/day forever, no credit card required.
- check_circleSender Authentication is mandatory — you can't send from random addresses, even on a paid plan.
Connection settings
smtp.sendgrid.net587STARTTLSapikey (the literal word, not your email)Your SendGrid API Key starting with SG.What you'll need
A free SendGrid account
Sign up at signup.sendgrid.com. They'll ask a few onboarding questions but no credit card is required for the free 100/day tier.
Sign up for SendGridopen_in_newA verified sender or domain
SendGrid won't relay any message until you've proven you own at least one From address — either a Single Sender (one email) or a fully Authenticated Domain (CNAME records).
Step-by-step setup
- 1
Create a SendGrid account
Go to signup.sendgrid.com. Complete email verification, then walk through the onboarding wizard. They'll ask what you'll send and an estimated volume — pick "Transactional" if unsure.
Create your accountopen_in_new - 2
Verify a Single Sender (fastest path)
Dashboard → Settings → Sender Authentication → Single Sender Verification → Create New Sender. Fill out the form (name, From email, From name, address — required by anti-spam law). SendGrid emails the address with a confirmation link. Click it.
Add a Single Senderopen_in_newlightbulbTip: Single Sender works for testing, but Domain Authentication (next step) is what you actually want for deliverability.
- 3
Authenticate your sending domain (recommended)
Dashboard → Settings → Sender Authentication → Authenticate Your Domain → enter your domain. SendGrid generates 3 CNAME records. Add them at your DNS provider (Cloudflare, Namecheap, etc.) and click Verify. This unlocks DKIM-signed mail and dramatically improves inbox placement.
Authenticate a domainopen_in_new - 4
Create an API Key
Settings → API Keys → Create API Key. Name it (e.g. CodeOpx Mail). Choose "Full Access" for testing, or "Restricted Access" with only "Mail Send" permission for production. Click Create & View.
Create an API Keyopen_in_newwarningWatch out: The API Key is shown ONCE — copy it the moment it appears. Lose it and you'll have to revoke and create a new one.
- 5
Use these SMTP server settings
Host: smtp.sendgrid.net · Port: 587 · Encryption: STARTTLS · Username: apikey (literally 'apikey' lowercase) · Password: your full API Key including the 'SG.' prefix.
lightbulbTip: Need port 465 with implicit SSL/TLS? It works too. Use it if your network blocks 587.
- 6
Send a test message
From: your verified Single Sender or any address on your authenticated domain. Anywhere else and SendGrid bounces with 550 "Sender not verified." That's a security feature, not a bug.
Connect to CodeOpx Mail
Plug SendGrid into CodeOpx Mail:
- 1Add the SMTP config
Dashboard → SMTP → "Add config" → choose SendGrid. Username "apikey" pre-fills automatically.
- 2Paste the API Key
Paste your full SG.xxx... key as the password.
- 3Test the connection
Click "Test connection." Green = good. If you see 401, the API Key is wrong. If you see 550 on test send, the From address isn't verified yet.
- 4Compose with the right From
When composing, use a From address you've verified in SendGrid. The composer will warn you before send if it detects an unverified domain.
Common errors & fixes
535 5.7.0 Authentication failedAPI Key is wrong or revoked
SendGrid couldn't validate the credentials.
Fix: Confirm username is literally 'apikey' (lowercase, no quotes). Confirm the password is the full API Key including the SG. prefix. Generate a new key if in doubt.
550 5.7.1 Sender does not matchFrom address not verified
You're sending From: an address SendGrid doesn't recognize as yours.
Fix: Add the From address as a Single Sender, or authenticate the whole domain. SendGrid will not relay unverified senders even on paid plans.
401 UnauthorizedAPI Key revoked or missing scope
The key was deleted, or it doesn't have Mail Send permission.
Fix: Create a new API Key with Full Access or at least Mail Send permission.
421 4.3.0 Too many connectionsBurst rate too high
SendGrid throttled the connection after too many simultaneous opens.
Fix: Pool your SMTP connections — re-use the same TCP session for multiple messages rather than reconnecting every time.
550 5.7.1 Bounce or blockRecipient on SendGrid's suppression list
The recipient previously bounced or marked you as spam — SendGrid auto-suppresses to protect your reputation.
Fix: Check Suppressions → Bounces / Blocks / Invalid Emails in the SendGrid dashboard. Remove the address if it's valid.
Sending limits
SendGrid's free tier is the most generous in the transactional space. Paid plans scale into tens of millions per month.
| Free Forever tier | 100 emails / day, ~3,000 / month |
| Essentials ($19.95/mo) | 50,000 emails / month |
| Pro ($89.95/mo) | 100,000 emails / month, dedicated IP |
| Per-message recipients | 1,000 in one envelope |
| Max message size | 30 MB total |
| Max attachments | Combined attachment payload ≤ 30 MB |
- lightbulbFree-tier sends without Domain Authentication frequently land in spam, even if the From email is verified. Always set up the CNAME records.
- lightbulbSendGrid's per-second throughput is limited on free plans — for high-burst transactional traffic, consider their Pro plan with dedicated IPs.
- lightbulbIf you're hitting 100/day frequently, the next tier ($19.95/mo for 50k/mo) is one of the cheapest in the industry.
FAQ
Why is the username literally 'apikey'?
add
SendGrid uses an unusual SMTP-AUTH scheme: the username is a fixed string ('apikey') and the password slot carries the actual API Key. This lets them route auth through their API gateway without needing per-user SMTP accounts. It's the single most common gotcha — people put their email in the username field and get instant 535 errors.
Can I use a SendGrid Web API Key for SMTP?
add
Yes — API Keys are universal. The same key works for SMTP auth, the Web API v3, and the Marketing Campaigns API. Restrict the scope to just "Mail Send" for production use to limit blast radius if leaked.
What's the difference between Single Sender and Domain Authentication?
add
Single Sender verifies one specific email address (you@gmail.com). It's fast (5 minutes) and good for testing. Domain Authentication adds CNAME DNS records that prove you own a whole domain — SendGrid then signs all mail from that domain with DKIM, dramatically improving inbox placement. Always do Domain Auth for production.
Does SendGrid free tier ever expire?
add
No. The 100/day, ~3000/month tier is free forever, no credit card required, no time limit. SendGrid built it as an evergreen offering to capture developer mindshare. Twilio (parent company) makes their money on paid plans.
Should I use SMTP or the Web API?
add
Web API is faster (one HTTPS POST per message vs. multiple SMTP round-trips), supports batch sends, and is harder to misconfigure. Use SMTP when you have an existing tool that only speaks SMTP. Use the Web API when you're writing new code.
What happens if I hit the daily 100 cap on free tier?
add
Subsequent sends fail with 550 "Daily sending quota exceeded." The cap is a rolling 24-hour window, not midnight-aligned, so it gradually frees up. Upgrade to Essentials for breathing room.
Video tutorial
Watch: SendGrid SMTP setup tutorials on YouTube
We curated a YouTube search of recent walkthroughs by independent creators. The official docs (linked below) remain the source of truth.
play_arrowWatch on YouTubeFurther reading
Related provider guides
Ready to send through sendgrid?
Sign up for CodeOpx Mail, add this SMTP config, and you'll be sending tracked emails in under 5 minutes.