HomeGuidesAPI Reference
ChangelogHelp CenterCommunityContact Us
ChangelogHelp CenterCommunityContact Us

Authenticate

Learn how to authenticate requests to Klaviyo endpoints.

Klaviyo provides three methods of authentication:

Server-side APIs Client-side APIs
Private key authentication
All /api endpoints use API private keys to authenticate requests. If you do not use an API key for your requests, or if you use a key from the wrong account, your call will return an error. A 400 error indicates an invalid or missing API key. Please refer to this guide for more details on how to generate private keys and use API key scopes.		 OAuth
If you are a tech partner integrating with Klaviyo, we recommend using OAuth to authenticate your app. OAuth offers multiple benefits over a private key integration, including security, usability, improved rate limits, and the ability to be listed in Klaviyo's integrations directory. Check out our guide on setting up OAuth.		 Public key authentication
All /client endpoints use a public API key: your 6-character company ID, also known as a site ID. We recommend using the Klaviyo object or our Mobile SDKs for interacting with our client-side APIs.

Private key authentication

Private key authentication for /api endpoints is performed by setting the following request header:

Authorization: Klaviyo-API-Key your-private-api-key

curl --request GET \
     --url https://a.klaviyo.com/api/{endpoint}/ \
     --header 'Authorization: Klaviyo-API-Key your-private-api-key' \
     --header 'accept: application/json' \
     --header 'revision: 2023-12-15'

🚧

For your account's security, we strongly recommend never using a private API key with the Client endpoints.

Public key authentication

Client-side API calls only require a public API key, also known as a company_id, for authentication:

curl --request POST \
     --url 'https://a.klaviyo.com/client/subscriptions/?company_id=PUBLIC_API_KEY' \
     --header 'content-type: application/json' \
     --header 'revision: 2023-12-15' \
     --data '
     ...

OAuth

If you're building an app with Klaviyo, OAuth is a standard you can use to provide secure delegated access to users via access tokens. When setting up OAuth, you can provide designated scopes for each API authorization request you'll want to make.

Updated 30 days ago

What’s Next