I’ve tried a bunch of things but can’t seem to make this work.
Running Ghost 5.22.10 on my own subdomain. My company has been using Mailgun for years for other transactional e-mail and we have at least 10 different API keys for various things all currently working.
I created the API key for Ghost. Put it in the UI and entered all the information, but it just doesn’t work. The single emails from the production.json config is fine, this is the API part that isn’t working.
I get a 401: Forbidden error (see below) yet I have deleted and recreated the API key in Mailgun at least five times, and put the new ones in Ghost each time. Still nothing, always the 401 error, and nothing appears in the Mailgun logs either.
Anyone else have this problem?
MESSAGE: The email service received an error from mailgun and was unable to send.
“Mailgun Error 401: Forbidden”
“Email Newsletters — Ghost Developer Docs”
EmailError: The email service received an error from mailgun and was unable to send.
at Object.send (/var/www/ghost/versions/5.22.10/core/server/services/bulk-email/bulk-email-processor.js:257:30)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async Object.sendTestEmail (/var/www/ghost/versions/5.22.10/core/server/services/mega/mega.js:110:22)
at async Object.query (/var/www/ghost/versions/5.22.10/core/server/api/endpoints/email-previews.js:74:20)
at async /var/www/ghost/versions/5.22.10/node_modules/@tryghost/api-framework/lib/http.js:64:28
[2022-11-15 16:19:32] ERROR “POST /ghost/api/admin/email_previews/posts/6372a8bbc4e06b1f25882982/” 500 694ms
The 401 error in this case is coming from Mailgun’s API.
Double check that your domain, region, and API key are all correct. If they are, you’re best off asking them what’s happening.
They don’t expose API calls or errors in the UI & the responses don’t contain any details, reasons or explanations for the errors, but their support team have more details about what is causing the error.
I asked and they replied with the blockquote text below. I’ve checked each one of these and none of them are the issue, except for the fact I cannot confirm that “api” is the username being sent to the Mailgun service.
How can I view the outbound request being made to Mailgun from Ghost?
- Incorrect API key
- Please double-check that there are no zero-width Unicode characters included; this can happen when you copy and paste the API key from our website sometimes
- Check it is a valid Private/Sending API key
- Incorrect API username ( ‘api’ is the correct username)
- Example: ‘api:YOUR_API_KEY’
- Incorrect domain name
- Check the domain/subdomain is correctly spelled
- Ensure the domain/subdomain is verified on the account
- If utilizing Whitelist, you are making an API request from an originating IP that is not on your IP Whitelist
- If API key whitelisting has at least one IP address on it, all other IPs not on the list will fail
- Incorrect region endpoint
- Depending on which region the domain has been set up/verified in please make sure you are using the correct endpoint.
- Example: do not use a domain created in the US with the EU endpoint [api.eu.mailgun.net]
Still trying to troubleshoot, have an open ticket with them. I’m pretty advanced when it comes to system administration and this stuff.
I’ve destroyed the droplet and installed a fresh instance of Ghost 5.22.11, with all updates on the server for Ubuntu 22.04.1 LTS. Deleted all the keys at DO, and reconfigured everything. Still getting the same 401 Forbidden error when trying to use the Mailgun API.
I have an open ticket with them, and will post back here in case there is resolution.
Apparently, there are two separate ways to create API keys in the Mailgun service as follows:
- Through Sending > Domain Settings > Sending API keys
- Through Account > API Keys
This isn’t clear in the Ghost documentation which one is required, although the link in the Ghost UI does take you to the correct screen in Mailgun but I didn’t use that link, I navigated in the Mailgun UI to the newer version of API keys. The one Ghost is using is the v3.
#1 above allows you to create individual keys for the v4 service for each of your domains.
#2 is an overall private API key that is used for the entire Mailgun account. Their v3 service.
Ghost wants #2. I was using #1.
All set now. It works.
any idea how this works today? these settings are no longer visible in the ghost interface! where would one put the API code, or is ghost auto-configuring this? i’ve got a message out to support as well, though remain confused.
on a related aside, did you leave your from address as noreply@
Just to add, the link within Ghost settings to the Mailgun API page and shown here is currently wrong and needs updating
It currently links to
https://app.mailgun.com/app/account/security/api_keys but the correct link is
I’ve reported that issue here Link to get Mailgun API key within Ghost setting is wrong · Issue #18630 · TryGhost/Ghost · GitHub
Also, be sure to whitelist your IP at
https://app.mailgun.com/settings/api_security/ip_allow_list too or it won’t work.