Unable to send newsletter with correct Mailgun API Keys

I’ve tried a bunch of things but can’t seem to make this work.

Running Ghost 5.22.10 on my own subdomain. My company has been using Mailgun for years for other transactional e-mail and we have at least 10 different API keys for various things all currently working.

I created the API key for Ghost. Put it in the UI and entered all the information, but it just doesn’t work. The single emails from the production.json config is fine, this is the API part that isn’t working.

I get a 401: Forbidden error (see below) yet I have deleted and recreated the API key in Mailgun at least five times, and put the new ones in Ghost each time. Still nothing, always the 401 error, and nothing appears in the Mailgun logs either.

Anyone else have this problem?

NAME: EmailError
CODE: BULK_EMAIL_SEND_FAILED
MESSAGE: The email service received an error from mailgun and was unable to send.

level: normal

“Mailgun Error 401: Forbidden”
Email Newsletters — Ghost Developer Docs
EmailError: The email service received an error from mailgun and was unable to send.
at Object.send (/var/www/ghost/versions/5.22.10/core/server/services/bulk-email/bulk-email-processor.js:257:30)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async Object.sendTestEmail (/var/www/ghost/versions/5.22.10/core/server/services/mega/mega.js:110:22)
at async Object.query (/var/www/ghost/versions/5.22.10/core/server/api/endpoints/email-previews.js:74:20)
at async /var/www/ghost/versions/5.22.10/node_modules/@tryghost/api-framework/lib/http.js:64:28

[2022-11-15 16:19:32] ERROR “POST /ghost/api/admin/email_previews/posts/6372a8bbc4e06b1f25882982/” 500 694ms

The 401 error in this case is coming from Mailgun’s API.

Double check that your domain, region, and API key are all correct. If they are, you’re best off asking them what’s happening.

They don’t expose API calls or errors in the UI & the responses don’t contain any details, reasons or explanations for the errors, but their support team have more details about what is causing the error.

1 Like

I asked and they replied with the blockquote text below. I’ve checked each one of these and none of them are the issue, except for the fact I cannot confirm that “api” is the username being sent to the Mailgun service.

How can I view the outbound request being made to Mailgun from Ghost?

Blockquote

  1. Incorrect API key
  • Please double-check that there are no zero-width Unicode characters included; this can happen when you copy and paste the API key from our website sometimes
  • Check it is a valid Private/Sending API key
  1. Incorrect API username ( ‘api’ is the correct username)
  • Example: ‘api:YOUR_API_KEY’
  1. Incorrect domain name
  • Check the domain/subdomain is correctly spelled
  • Ensure the domain/subdomain is verified on the account
  1. If utilizing Whitelist, you are making an API request from an originating IP that is not on your IP Whitelist
  • If API key whitelisting has at least one IP address on it, all other IPs not on the list will fail
  1. Incorrect region endpoint
  • Depending on which region the domain has been set up/verified in please make sure you are using the correct endpoint.
  • Example: do not use a domain created in the US with the EU endpoint [api.eu.mailgun.net]

Yes, we use api as the username: Ghost/mailgun-client.js at 92585e5ed2b3dbe5b806e2a8197d9724e95f44ff · TryGhost/Ghost · GitHub

We also send all requests via their SDK.

1 Like

Still trying to troubleshoot, have an open ticket with them. I’m pretty advanced when it comes to system administration and this stuff.

I’ve destroyed the droplet and installed a fresh instance of Ghost 5.22.11, with all updates on the server for Ubuntu 22.04.1 LTS. Deleted all the keys at DO, and reconfigured everything. Still getting the same 401 Forbidden error when trying to use the Mailgun API.

I have an open ticket with them, and will post back here in case there is resolution.

Thank you!!!

RESOLVED:

Apparently, there are two separate ways to create API keys in the Mailgun service as follows:

  1. Through Sending > Domain Settings > Sending API keys
  2. Through Account > API Keys

This isn’t clear in the Ghost documentation which one is required, although the link in the Ghost UI does take you to the correct screen in Mailgun but I didn’t use that link, I navigated in the Mailgun UI to the newer version of API keys. The one Ghost is using is the v3.

#1 above allows you to create individual keys for the v4 service for each of your domains.
#2 is an overall private API key that is used for the entire Mailgun account. Their v3 service.

Ghost wants #2. I was using #1.

All set now. It works.

2 Likes