Sendgrid-python: Which versions of API use port 443 and not port 80?

Created on 31 Jul 2020  路  7Comments  路  Source: sendgrid/sendgrid-python

I received an email from Sendgrid with this info:

We鈥檙e emailing to inform you of the upcoming retirement of accessing our Web APIs through port 80 to improve security. Our records show you have used this feature in the month of June.

I'm currently using v6.0.5 of the Python API, and that is the only way I send emails.

It seems hard to believe that a recent version of the Sendgrid API would be using port 80.

Can you confirm that v6.0.5 uses port 443 and that I can ignore the email I received from Sendgrid?

If not, would upgrading to the most recent version be sufficient to use port 443 and not port 80?

waiting for feedback question

Most helpful comment

I have been through the git-blame of the sendgrid.py file, and can see the api endpoint specified as https all the way back at least for 7 years.

In the python-http-client library, can't see any code to override the port. In fact looks like the api endpoint is simply passed to it with the scheme from this package calling it. The example (from 2018) shows a https url being passed to the client. https://github.com/sendgrid/python-http-client/blob/master/examples/live_sendgrid_example.py

I would also like some clarification here following that same email. Thanks.

All 7 comments

The client uses https (port 443) by default (source), but this may be overridden in your own code. Also, this has _not_ changed in more recent versions of this library. Best I can recommend is inspecting your code for all integrations with this library (and potentially the downstream python-http-client) to check for non-https usage.

I have been through the git-blame of the sendgrid.py file, and can see the api endpoint specified as https all the way back at least for 7 years.

In the python-http-client library, can't see any code to override the port. In fact looks like the api endpoint is simply passed to it with the scheme from this package calling it. The example (from 2018) shows a https url being passed to the client. https://github.com/sendgrid/python-http-client/blob/master/examples/live_sendgrid_example.py

I would also like some clarification here following that same email. Thanks.

Seems likely that Sendgrid messed up in sending that email. Could a Sendgrid person please investigate and confirm?

Hello sendgrid team,

We have the same problem "We鈥檙e emailing to inform you of the upcoming retirement of accessing our Web APIs through port 80 to improve security. ", but as @HUSSTECH wrote above, the api used in sendgrid.py is https not http. Can some of you provide some feedback on this issue?

Thanks,

If you are already using port 443 (either manually or by using this library as-is), no further work needs to be done. If you were manually making API calls using http (via cURL, by overriding library defaults, by passing http urls to python-http-client, etc. ), that will no longer be allowed and you will have to migrate to using https

Hi @eshanholtz thanks for the info! I think myself and the other commenters are concerned because we only use this library to make API calls, and we don't understand why that email was sent to us identifying non https use.

I have opened a support ticket from my account to ask if there are any more details as to where/when any non-https api access occurred.

Thank you for all of the feedback everyone.

Our support team has advised that the best course of action is submit a ticket at https://support.sendgrid.com. That said, as mentioned, we are not setting the port to 80 through this library, so as long as your code or server is not re-routing traffic to port 80, you should be fine.

Was this page helpful?
0 / 5 - 0 ratings