Skip to contentSkip to navigationSkip to topbar
On this page

Update Enforced TLS settings



API Overview

api-overview page anchor

The Enforced TLS settings specify whether or not the recipient of your send is required to support TLS or have a valid certificate. The Enforced TLS endpoint supports retrieving and updating TLS settings.

Twilio SendGrid sends all emails with Opportunistic TLS(link takes you to an external page) by default, meaning email is sent with TLS, and if the recipient's inbox provider does not accept the TLS encryption, we then send the message unencrypted.

You can optionally choose to enforce TLS encryption, meaning that if the recipient's inbox provider does not accept the TLS encryption, Twilio SendGrid drops the message and sends a block event with "TLS required but not supported" as the description.

(information)

Info

Twilio SendGrid has ended support for inbound connections to our platform using TLS 1.0 and 1.1. The Enforced TLS API has not been modified at this time, and you may continue to set version 1.1 as a required minimum to be accepted for your outbound email traffic.


PATCH/v3/user/settings/enforced_tls

Base url: https://api.sendgrid.com (for global users and subusers)

Base url: https://api.eu.sendgrid.com (for EU regional subusers)

This endpoint allows you to update your Enforced TLS settings.

To require TLS from recipients, set require_tls to true. If either require_tls or require_valid_cert is set to true, the recipient must support TLS 1.1 or higher or have a valid certificate. If these conditions are not met, Twilio SendGrid will drop the message and send a block event with “TLS required but not supported” as the description.


Authentication

authentication page anchor
Property nameTypeRequiredDescription
Authorizationstringrequired
Default: Bearer <<YOUR_API_KEY_HERE>>

on-behalf-ofstring

Optional

The on-behalf-of header allows you to make API calls from a parent account on behalf of the parent's Subusers or customer accounts. You will use the parent account's API key when using this header. When making a call on behalf of a customer account, the property value should be "account-id" followed by the customer account's ID (e.g., on-behalf-of: account-id <account-id>). When making a call on behalf of a Subuser, the property value should be the Subuser's username (e.g., on-behalf-of: <subuser-username>). See On Behalf Of for more information.

Encoding type:application/json
SchemaExample
Property nameTypeRequiredDescriptionChild properties
require_tlsboolean

Optional

Indicates if you want to require your recipients to support TLS.


require_valid_certboolean

Optional

Indicates if you want to require your recipients to have a valid certificate.


versionenum<float>

Optional

The minimum required TLS certificate version.

Default: 1.1Possible values:
1.11.21.3
200401403404500
SchemaExample
Property nameTypeRequiredDescriptionChild properties
require_tlsboolean

Indicates if you want to require your recipients to support TLS.


require_valid_certboolean

Indicates if you want to require your recipients to have a valid certificate.


versionenum<float>

The minimum required TLS certificate version.

Default: 1.1Possible values:
1.11.21.3
Update Enforced TLS settingsLink to code sample: Update Enforced TLS settings
1
const client = require("@sendgrid/client");
2
client.setApiKey(process.env.SENDGRID_API_KEY);
3
4
const data = {
5
require_tls: true,
6
require_valid_cert: true,
7
version: 1.1,
8
};
9
10
const request = {
11
url: `/v3/user/settings/enforced_tls`,
12
method: "PATCH",
13
body: data,
14
};
15
16
client
17
.request(request)
18
.then(([response, body]) => {
19
console.log(response.statusCode);
20
console.log(response.body);
21
})
22
.catch((error) => {
23
console.error(error);
24
});

Need some help?

Terms of service

Copyright © 2025 Twilio Inc.