# Update Enforced TLS settings ## API Overview The Enforced TLS settings specify whether or not the recipient of your send is required to support TLS or have a valid certificate. The Enforced TLS endpoint supports retrieving and updating TLS settings. Twilio SendGrid sends all emails with [Opportunistic TLS](https://sendgrid.com/blog/myth-opportunistic-tls-email-privacy/) by default, meaning email is sent with TLS, and if the recipient's inbox provider does not accept the TLS encryption, we then send the message unencrypted. You can optionally choose to enforce TLS encryption, meaning that if the recipient's inbox provider does not accept the TLS encryption, Twilio SendGrid drops the message and sends a block event with "TLS required but not supported" as the description. > \[!NOTE] > > Twilio SendGrid has [ended support for inbound connections to our platform using TLS 1.0 and 1.1](/docs/sendgrid/for-developers/sending-email/support-for-tls-12). The Enforced TLS API has not been modified at this time, and you may continue to set version 1.1 as a required minimum to be accepted for your outbound email traffic. ## Operation overview ```json {"path":"https://api.sendgrid.com/v3/user/settings/enforced_tls","method":"patch","servers":[{"url":"https://api.sendgrid.com","description":"for global users and subusers"},{"url":"https://api.eu.sendgrid.com","description":"for EU regional subusers"}]} ``` **This endpoint allows you to update your Enforced TLS settings.** To require TLS from recipients, set `require_tls` to `true`. If either `require_tls` or `require_valid_cert` is set to `true`, the recipient must support TLS 1.1 or higher or have a valid certificate. If these conditions are not met, Twilio SendGrid will drop the message and send a block event with “TLS required but not supported” as the description. ## Operation details ### Authentication API Key ### Headers ```json [{"in":"header","name":"Authorization","required":true,"default":"Bearer <>","schema":{"type":"string"}},{"name":"on-behalf-of","in":"header","description":"The `on-behalf-of` header allows you to make API calls from a parent account on behalf of the parent's Subusers or customer accounts. You will use the parent account's API key when using this header. When making a call on behalf of a customer account, the property value should be \"account-id\" followed by the customer account's ID (e.g., `on-behalf-of: account-id `). When making a call on behalf of a Subuser, the property value should be the Subuser's username (e.g., `on-behalf-of: `). See [**On Behalf Of**](/docs/sendgrid/api-reference/how-to-use-the-sendgrid-v3-api/on-behalf-of) for more information.","required":false,"schema":{"type":"string"},"refName":"#/components/parameters/OnBehalfOf","modelName":"__components_parameters_OnBehalfOf"}] ``` ### Request body ```json {"schema":{"title":"Enforced TLS Request Response","type":"object","example":{"require_tls":true,"require_valid_cert":true,"version":1.1},"refName":"EnforcedTlsRequestResponse","modelName":"EnforcedTlsRequestResponse","properties":{"require_tls":{"type":"boolean","description":"Indicates if you want to require your recipients to support TLS. "},"require_valid_cert":{"type":"boolean","description":"Indicates if you want to require your recipients to have a valid certificate."},"version":{"type":"number","format":"float","description":"The minimum required TLS certificate version.","default":1.1,"enum":[1.1,1.2,1.3],"refName":"Version","modelName":"Version"}}},"encodingType":"application/json"} ``` ### Responses ```json [{"responseCode":"200","schema":{"description":"","content":{"application/json":{"schema":{"title":"Enforced TLS Request Response","type":"object","example":{"require_tls":true,"require_valid_cert":true,"version":1.1},"refName":"EnforcedTlsRequestResponse","modelName":"EnforcedTlsRequestResponse","properties":{"require_tls":{"type":"boolean","description":"Indicates if you want to require your recipients to support TLS. "},"require_valid_cert":{"type":"boolean","description":"Indicates if you want to require your recipients to have a valid certificate."},"version":{"type":"number","format":"float","description":"The minimum required TLS certificate version.","default":1.1,"enum":[1.1,1.2,1.3],"refName":"Version","modelName":"Version"}}},"examples":{"response":{"value":{"require_tls":true,"require_valid_cert":false}}}}}}},{"responseCode":"401","schema":{"description":"","content":{"application/json":{"schema":{"type":"object","example":{"errors":[{"field":"field_name","message":"error message"}]},"refName":"ErrorResponse","modelName":"ErrorResponse","properties":{"errors":{"type":"array","items":{"type":"object","properties":{"message":{"type":"string","description":"An error message."},"field":{"description":"When applicable, this property value will be the field that generated the error.","nullable":true,"type":"string"},"help":{"type":"object","description":"When applicable, this property value will be helper text or a link to documentation to help you troubleshoot the error."}}}},"id":{"type":"string","description":"When applicable, this property value will be an error ID."}}}}},"refName":"#/components/responses/EnforcedTls401","modelName":"__components_responses_EnforcedTls401"}},{"responseCode":"403","schema":{"description":"","content":{"application/json":{"schema":{"type":"object","example":{"errors":[{"field":"field_name","message":"error message"}]},"refName":"ErrorResponse","modelName":"ErrorResponse","properties":{"errors":{"type":"array","items":{"type":"object","properties":{"message":{"type":"string","description":"An error message."},"field":{"description":"When applicable, this property value will be the field that generated the error.","nullable":true,"type":"string"},"help":{"type":"object","description":"When applicable, this property value will be helper text or a link to documentation to help you troubleshoot the error."}}}},"id":{"type":"string","description":"When applicable, this property value will be an error ID."}}}}},"refName":"#/components/responses/EnforcedTls403","modelName":"__components_responses_EnforcedTls403"}},{"responseCode":"404","schema":{"description":"","content":{"application/json":{"schema":{"type":"object","example":{"errors":[{"field":"field_name","message":"error message"}]},"refName":"ErrorResponse","modelName":"ErrorResponse","properties":{"errors":{"type":"array","items":{"type":"object","properties":{"message":{"type":"string","description":"An error message."},"field":{"description":"When applicable, this property value will be the field that generated the error.","nullable":true,"type":"string"},"help":{"type":"object","description":"When applicable, this property value will be helper text or a link to documentation to help you troubleshoot the error."}}}},"id":{"type":"string","description":"When applicable, this property value will be an error ID."}}}}},"refName":"#/components/responses/EnforcedTls404","modelName":"__components_responses_EnforcedTls404"}},{"responseCode":"500","schema":{"description":"","content":{"application/json":{"schema":{"type":"object","properties":{"errors":{"type":"array","items":{"type":"object","properties":{"message":{"type":"string"}}}}}}}},"refName":"#/components/responses/EnforcedTls500","modelName":"__components_responses_EnforcedTls500"}}] ``` Update Enforced TLS settings ```js const client = require("@sendgrid/client"); client.setApiKey(process.env.SENDGRID_API_KEY); const data = { require_tls: true, require_valid_cert: true, version: 1.1, }; const request = { url: `/v3/user/settings/enforced_tls`, method: "PATCH", body: data, }; client .request(request) .then(([response, body]) => { console.log(response.statusCode); console.log(response.body); }) .catch((error) => { console.error(error); }); ``` ```python import os from sendgrid import SendGridAPIClient sg = SendGridAPIClient(os.environ.get("SENDGRID_API_KEY")) data = {"require_tls": True, "require_valid_cert": True, "version": 1.1} response = sg.client.user.settings.enforced_tls.patch(request_body=data) print(response.status_code) print(response.body) print(response.headers) ``` ```csharp using System; using System.Collections.Generic; using System.Threading.Tasks; using SendGrid; public class Program { public static async Task Main() { string apiKey = Environment.GetEnvironmentVariable("SENDGRID_API_KEY"); var client = new SendGridClient(apiKey); var data = @"{ ""require_tls"": true, ""require_valid_cert"": true, ""version"": 1.1 }"; var response = await client.RequestAsync( method: SendGridClient.Method.PATCH, urlPath: "user/settings/enforced_tls", requestBody: data); Console.WriteLine(response.StatusCode); Console.WriteLine(response.Body.ReadAsStringAsync().Result); Console.WriteLine(response.Headers.ToString()); } } ``` ```java import com.sendgrid.*; import java.io.IOException; import org.json.JSONObject; import java.util.HashMap; import java.util.Arrays; public class Example { public static void main(String[] args) throws IOException { try { SendGrid sg = new SendGrid(System.getenv("SENDGRID_API_KEY")); Request request = new Request(); request.setMethod(Method.PATCH); request.setEndpoint("/user/settings/enforced_tls"); request.setBody(new JSONObject(new HashMap() { { put("require_tls", true); put("require_valid_cert", true); put("version", 1.1); } }).toString()); Response response = sg.api(request); System.out.println(response.getStatusCode()); System.out.println(response.getBody()); System.out.println(response.getHeaders()); } catch (IOException ex) { throw ex; } } } ``` ```go package main import ( "fmt" "github.com/sendgrid/sendgrid-go" "os" ) func main() { apiKey := os.Getenv("SENDGRID_API_KEY") host := "https://api.sendgrid.com" request := sendgrid.GetRequest(apiKey, "/v3/user/settings/enforced_tls", host) request.Method = "PATCH" request.Body = []byte(`{ "require_tls": true, "require_valid_cert": true, "version": 1.1 }`) response, err := sendgrid.API(request) if err != nil { fmt.Println(err.Error()) os.Exit(1) } else { fmt.Println(response.StatusCode) fmt.Println(response.Body) fmt.Println(response.Headers) } } ``` ```php /sendgrid-php.php'; $apiKey = getenv("SENDGRID_API_KEY"); $sg = new \SendGrid($apiKey); $request_body = json_decode('{ "require_tls": true, "require_valid_cert": true, "version": 1.1 }'); try { $response = $sg->client ->user() ->settings() ->enforced_tls() ->patch($request_body); print $response->statusCode() . "\n"; print_r($response->headers()); print $response->body() . "\n"; } catch (Exception $ex) { echo "Caught exception: " . $ex->getMessage(); } ``` ```ruby require 'sendgrid-ruby' include SendGrid sg = SendGrid::API.new(api_key: ENV['SENDGRID_API_KEY']) data = JSON.parse('{ "require_tls": true, "require_valid_cert": true, "version": 1.1 }') response = sg.client.user.settings.enforced_tls.patch(request_body: data) puts response.status_code puts response.headers puts response.body ``` ```bash curl -X PATCH "https://api.sendgrid.com/v3/user/settings/enforced_tls" \ --header "Authorization: Bearer $SENDGRID_API_KEY" \ --header "Content-Type: application/json" \ --data '{"require_tls": true, "require_valid_cert": true, "version": 1.1}' ```