How to Send Emails with Twilio SendGrid on EU Servers

Time to read: 6 minutes

August 26, 2024
Written by
Yukti Ahuja
Twilion
Brandon Walker
Twilion
Reviewed by
Tyler Bischel
Twilion
Jesse Sumrak
Twilion
Paul Kamp
Twilion

How to Send Emails with Twilio SendGrid on EU Servers

With a growing emphasis on data protection and regional compliance, businesses are increasingly seeking ways to ensure their data remains within specific geographical boundaries. Twilio SendGrid has introduced the capability to send outbound emails using servers located in the European Union, providing an enhanced level of data sovereignty.

In this post, you'll learn how to configure your SendGrid setup to keep your data within the EU. This includes steps to create regional subusers, assign dedicated IPs, configure DNS records, and utilize the SendGrid API at the api.eu.sendgrid.com endpoint.

Let’s see how to set this up!

There are two possible configurations for this use case: you can either create one or more subusers specifically for sending emails via the EU region, or just use the parent account for this purpose. The overall process is similar for both approaches, with the key difference being the API key used to assign the IP addresses. In this guide, we'll focus on the first scenario, where emails are sent by a specific EU subuser.

Prerequisites

Before starting, you will need a Twilio SendGrid Pro or Premier Account. If you don’t yet have one, you can sign up for an account here.

Step-by-Step Instructions

Once you have the sendgrid account in place, you’re ready to set up a subuser to send from the EU! These next steps will walk through what you’ll need.

  • A SendGrid API Key with Full Access permission on the Parent Account
  • Procure EU IP Address for the EU Subuser
  • A Sendgrid subuser that will be bound to the EU region
  • A SendGrid API Key with atleast mail-send permission on the Newly created Subuser Account
  • Sender Authentication to verify that you own the email address or domain that you send emails from.
  • Send an email via this newly created subuser.

Create an API Key for the parent account

Login to your parent account and create a your API key using the Sendgrid app console

Create a SendGrid API Key

Click Create & View, and then save the value of the key somewhere safe – it is only shown once in your console.

IP procurement and assignment

Add a regional IP and assign to parent account and subusers:

The next step is to add a regional IP address and assign it to the parent account and/or the newly created subuser.

Keep in mind that you can only add one IP address per month through self-service.

The cURL command below demonstrates how to add an EU-based IP address and assign it to both the subuser and the parent accounts. For the complete details on this endpoint, refer to the Add a Twilio SendGrid IP Address documentation.

cURL Example: 

curl -H "Authorization: Bearer <<YOUR_API_KEY>>" \
  -X POST "https://api.sendgrid.com/v3/send_ips/ips" \
  -d '{
    "is_auto_warmup": false,
    "is_parent_assigned": true,
    "subusers": ["123456"],
    "region": "eu",
    "include_region": true
  }'

And the response should look something like this: 

{
  "ip": "1.1.1.1",
  "is_auto_warmup": false,
  "is_parent_assigned": true,
  "subusers": ["123456"],
  "region": "eu"
}

To obtain the correct subuser_id for the code above, you would first need to list all the subusers. You can do this by following the instructions provided in the Twilio SendGrid API documentation for listing all subusers. An example is below. 

curl -X GET "https://api.sendgrid.com/v3/subusers" \
  --header "Authorization: Bearer <<YOUR_API_KEY>>"

Here is an example response for the above command: 

[
  {
    "username": "eusubuser",
    "id": 123456,
    "email": "subuser@example.com",
    "disabled": false
  },
  {
    "username": "demo",
    "id": 111111,
    "email": "demo@example.com",
    "disabled": false
  }
]

If you want to add an EU-based IP address to an existing subuser, here’s how you can do it: 

curl -H "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  -X POST "https://api.sendgrid.com/v3/send_ips/ips/1.1.1.1/subusers:batchAdd" \
  -d '{
    "subusers": ["111111"]
  }'

And here is an example response: 

{
  "ip": "1.1.1.1",
  "subusers": ["111111"]
}

Create a regional subuser

To create a subuser in the EU region, start by reviewing the SendGrid Subusers API documentation or by following the cURL example provided below. Be sure to specify the region as eu when configuring the subuser.

cURL Example: 

curl -X POST "https://api.sendgrid.com/v3/subusers" \
--header "Authorization: Bearer <<YOUR_API_KEY>>" \
--header "Content-Type: application/json" \
--data '{"username": "eusubuser", "email": "subuser@example.com", "password": "strongpassword123", "region": "eu", "include_region": true}'

And the response is below: 

{
  "username": "eusubuser",
  "user_id": 123456,
  "email": "subuser@example.com",
  "credit_allocation": {
    "type": "unlimited"
  },
  "region": "eu"
}

Complete Sender Authentication

Now that we have created a subuser and assigned it an EU IP address, the next step is to complete the domain authentication for this subuser.

This process also requires adding a record to your DNS provider.

You can complete domain authentication either via the SendGrid UIor through the API. Follow the steps below to complete domain authentication via the API. Each step includes links to the relevant documentation and an example cURL command.

Step 1: Authenticate your domain for the EU region

To authenticate your domain for the EU region, follow the instructions in the Authenticate a Domain documentation.

Run the initial command to authenticate your domain, which will give you the DNS records you need to add to your DNS host. This step also provides you with the domain_id. 

curl -X POST "https://api.sendgrid.com/v3/whitelabel/domains" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "domain": "example.com",
    "region": "eu"
  }' | python -mjson.tool

And the response should be something like this: 

{
    "id": 123456789,
    "user_id": 123456,
    "subdomain": "em9122",
    "domain": "eu.example.com",
    "username": "eusubuser",
    "ips": [1.1.1.1],
    "custom_spf": false,
    "default": false,
    "legacy": false,
    "automatic_security": true,
    "valid": false,
    "dns": {
        "mail_cname": {
            "valid": false,
            "type": "cname",
            "host": "em9323.eu.example.com",
            "data": "u46333263.eu.wl.sendgrid.net"
        },
        "dkim1": {
            "valid": false,
            "type": "cname",
            "host": "s1._domainkey.eu.example.com",
            "data": "s1.domainkey.u43336263.eu.wl.sendgrid.net"
        },
        "dkim2": {
            "valid": false,
            "type": "cname",
            "host": "s2._domainkey.eu.example.com",
            "data": "s2.domainkey.u46136263.eu.wl.sendgrid.net"
        }
    }
}

Step 2: Retrieve the domain_id

Use the provided cURL command to list all authenticated domains and obtain the domain_id for your specific domain. 

curl -X GET "https://api.sendgrid.com/v3/whitelabel/domains" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>"

After running the cURL command to authenticate your domain, you'll need to add the DNS records provided by SendGrid to your DNS host.

Step 3: Validate the domain authentication

After setting up your DNS records, the next step is to validate your domain authentication. This ensures that your DNS records are correctly configured and your domain is ready for use.

Refer to the Validate Domain Authentication documentation for more details. 

curl -X POST "https://api.sendgrid.com/v3/whitelabel/domains/{DOMAIN_ID}/validate" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>"

And the response should look something like this: 

{
  "id": 123456,
  "valid": true,
  "validation_results": {
    "mail_cname": {
      "valid": true,
      "reason": null
    },
    "dkim1": {
      "valid": true,
      "reason": null
    },
    "dkim2": {
      "valid": true,
      "reason": null
    }
  }
}

Step 4: Associate the authenticated domain with your EU-Based Subuser

After validating your domain, the next step is to associate the authenticated domain with your EU-based subuser. This ensures that the subuser can send emails using the authenticated domain.

Refer to the documentation on associating an authenticated domain with a subuser for detailed instructions. 

curl -X POST "https://api.sendgrid.com/v3/whitelabel/domains/{DOMAIN_ID}/subuser" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "username": "eusubuser"
  }'

Step 5: Create a branded link

To create a branded link, you can use the following cURL command. This branded link will be associated with the specified domain in the EU region.

Here’s the cURL command to create a branded link: 

curl -X POST "https://api.sendgrid.com/v3/whitelabel/links" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "domain": "example.com",
    "region": "eu"
  }'

Step 6: Validate the branded link

After creating a branded link, the next step is to validate it to ensure it’s correctly set up. Use the following cURL command to validate your branded link: 

curl -X POST "https://api.sendgrid.com/v3/whitelabel/links/{LINK_ID}/validate" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>"

Use the specific LINK_ID you received when you created the branded link.

Step 7: Associate the branded link with your Subuser

Once the branded link is validated, you can associate it with a specific subuser. This allows the subuser to send emails using the branded link. 

curl -X POST "https://api.sendgrid.com/v3/whitelabel/links/{LINK_ID}/subuser" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "username": "eusubuser"
  }'

Your domain has been successfully verified, and you’re now all set to use it for sending emails!

Create a SendGrid API Key to send emails for the Subuser

SendGrid offers three types of API keys: Full Access, Restricted Access, and Billing Access, each with specific permissions. The first key must be created via the Twilio SendGrid App. Subsequent keys can be managed using the API. More info can be found here.

API Key permissions in SendGrid

Create an API Key in the Console

In the SendGrid Console, navigate to the API Keys section under Settings on the Console landing page. Click Create API Key in the top right corner to open a form on the right side. Name your API key and choose Restricted Access to set permissions.

For security, assign only the necessary permissions. In this tutorial, you'll only need the Mail Send permission. To enable it, scroll to the Mail Send section under Access Details and move the slider to the right.

Finally, click Create & View at the bottom of the form. The API key will be displayed on the screen. Since you won’t be able to retrieve it again after leaving this page, make sure to copy and store the secret securely

Send your email

With your API Key for the EU subuser ready, you can now send an email using the EU-specific base URL api.eu.sendgrid.com.

The cURL command below demonstrates how to send an email through SendGrid's EU region. Simply replace the placeholder email addresses with your authenticated sender email in the "from" field and your recipient's email in the "to" field. For additional details on sending emails programmatically, refer to the full Mail Send API documentation.

curl --request POST \
  --url https://api.eu.sendgrid.com/v3/mail/send \
  --header 'Authorization: Bearer <<YOUR_SUBUSER_API_KEY>>' \
  --header 'Content-Type: application/json' \
  --data '{
    "personalizations": [
      {
        "to": [
          {"email": "<<RECEIPIENT_EMAIL_ADDRESS"}
        ]
      }
    ],
    "from": {"email": "<SENDER_EMAIL_ADDRESS>>"},
    "subject": "Hello, World!",
    "content": [
      {
        "type": "text/plain",
        "value": "Heya!"
      }
    ]
  }' \
  --silent --show-error --fail && echo "Email sent successfully" || echo "Failed to send email"
EU SendGrid email sent successfully on the command line

Conclusion

Twilio SendGrid enables you to manage email sending and receiving at scale.

In this guide, you learned how to send emails in the EU region using Twilio SendGrid's Email API. Here are the steps you performed:

  • Created a subuser assigned to the EU region.
  • Provisioned an IP address in the EU.
  • Authenticated your domain for sending emails.
  • Created a SendGrid API Key with email sending permissions.
  • Send an email using the api.eu.sendgrid.com endpoint.
Regional Email is not available for Marketing Campaigns in this phase. Configurable sending in the EU or Global regions is generally available for initiating email flows, but personal data such as subject, recipient, and sending address are stored globally.

Interested to know more about Sendgrid? Check out our Email API documentation. We can’t wait to see what you build!

Yukti Ahuja is a Principal Solutions Engineer at Twilio. As an SE, she is a problem solver extraordinaire, blending technical expertise to bridge the gap between complex technology and practical solutions for customers.

Related Posts

Related Resources

A newspaper article

Twilio Docs

From APIs to SDKs to sample apps

API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
An Open book

Resource Center

The latest ebooks, industry reports, and webinars

Learn from customer engagement experts to improve your own communication.
User group reactions

Ahoy

Twilio's developer community hub

Best practices, code samples, and inspiration to build communications and digital engagement experiences.