Skip to content

What features do you want to see added to Mailgun?

← Feature Requests

Multiple API Keys

Option to have multiple API keys, for example: client 1 has the API key exposed, we now have to roll this key, and update all clients using it.

Whereas, if we had multiple keys, we'd only need to roll and update that one client using the key.

107 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Nic Davies shared this idea  ·   ·  Report…  ·  Admin →
completed  ·  AdminChris Farmer (Product Manager, Mailgun) responded  · 

Hi all,


Thanks so much for your feedback here. We've recently released the ability to create multiple API keys for your Mailgun account. Additionally, we've enhanced the security of the keys such that they are now hashed vs just encrypted (this does mean that once you generate a key and close the modal, we will be unable to display it in plain text, so be sure to store your key safely).

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Thaddeus Pinch commented  ·   ·  Report

    Just got hacked and had to change the key on 10 sites. This is a rudimentary security feature you need to implement asap.

  • Ika Ika commented  ·   ·  Report

    I can't understand how this is almost 2023 and this is still an open issue.

    How challenging it is to allow multiple keys? If my key was exposed, I need to go and update 30 sites that are using the existing one. What the heck guys?

  • Matthew Knill commented  ·   ·  Report

    This is crucial for us! With our many servers, it will simply be unwieldy having to manually update all of them when we want to change the API Key!

  • Lars commented  ·   ·  Report

    It would great if it's possible to create scoped API keys independent of the user account. For example, as an admin user on the account, I would like to create a developer api key for use in our applications, so the application wouldn't have all the same permissions as the admin user.

  • Anonymous commented  ·   ·  Report

    The lack of security features in mailgun could fast become a deal breaker.

    We need the ability to have multiple scoped keys.

  • Tom Duffield commented  ·   ·  Report

    It would be great if we could create multiple API keys that can be scoped either to roles (e.g., Developer) or functionality (e.g., only has permission to update templates).

    Having a single API key exposes us to a ton of risk that we are forced to accept simply because there is no other way.

  • Antoine commented  ·   ·  Report

    We'd find this very useful too to be able to assign/rotate unique keys for each of our services!

  • Jonathan Boarman commented  ·   ·  Report

    This could easily be a paid plan feature.

    The number of new paid plan signups that this feature would bring would more than pay for its addition.

  • Ika Ika commented  ·   ·  Report

    How is this not a capability?? it's such a basic requirement.. I work with 10 systems, and I have to change a key, it'll take me a week to get all of the developers to align at the same time.

  • Kryštof Korb commented  ·   ·  Report

    Must have, also having the key scoped to certain domains to separate different environments.

  • Emmanuel Lagrée commented  ·   ·  Report

    Hello,

    It would be nice to provide a better granularity for API Keys.

    For now it's only possible to do operations like domain creation, route creation using the "Primary account API key".

    It's giving unnecessary extra permissions which is not a good practice.

    Would it be possible to provide a better RBAC for your API Key such as what can we do (read only, or read/create etc.) as well as the scope (like only for domain/route creation and not for "admin" operations.

    Some other competitors are already providing this kind of features and it's very helpful.

    Thank you !

    Regards

  • Charles Stephenson commented  ·   ·  Report

    Not having this feature is making me consider alternative suppliers. We need separate API keys for statistics as well as sending.

  • James commented  ·   ·  Report

    I agree with the other comments that this really is a must-have. I'm setting up some diagnostic monitoring software that sends emails to alert us on various error conditions and I have to use the same API key as our production system uses which is far from ideal.

  • Sean Lim commented  ·   ·  Report

    I have got two applications, each sending emails out of their own subdomain.
    Though they are able to send emails to their own mailing list, it is not possible for them to manage(create/update/delete) their own mailing lists.

    Being able to manage their own mailing lists is important, else the use of the account-level API would be an over privileged access.

  • Mark Ryder commented  ·   ·  Report

    At least give us an API key per sending domain
    Surely this is a significant security risk - if anyone misuses or highjacks a site I cannot close it down without killing all my client sites?

  • NormK commented  ·   ·  Report

    Definitely need this

  • Mario Flores commented  ·   ·  Report

    Please add the capacity to have multiple, revocable API credentials - e.g. for staging or dev environments. Seems like a major missing feature to this tech guy.

  • Joseph Chekanoff commented  ·   ·  Report

    This is essential for service-based agencies that work with a large number of domains.

  • Dung Vu commented  ·   ·  Report

    why is this certainly feature not exist in the mailgun? we need it

← Previous 1

Feature Requests: Feature Enhancements

Categories

Feedback and Knowledge Base

(thinking…)