HomeGuidesAPI Reference
ChangelogHelp CenterCommunityContact Us
Guides

Obtain API credentials

Locate your API credentials in Klaviyo and differentiate between public and private keys.

Klaviyo uses public and private API keys to authenticate API requests. You can obtain and make changes to your API keys from your account's Settings page under the API Keys tab. To manage API keys, you must have an Owner, Admin, or Manager role on the account.

Klaviyo API keys tab showing public and private keys, and Create Private API Key with arrow and blue background

Public key / Site ID

Your 6-character public key, sometimes referred to as a site ID, is a short alphanumeric string that serves as the unique identifier for your Klaviyo account.

Public keys cannot be used to access secure data in your account and are safe to share. Use your public key when you need to track people and events in client-side JavaScript code.

Private key

Private keys will have the prefix pk_ followed by a longer alphanumeric string. Klaviyo allows you to generate multiple private keys for your applications.

Your private API keys can be used to read and write data to your Klaviyo account and should never be exposed in client-side code or made accessible from public repositories.

🚧

To protect your account from unauthorized access, you cannot view your private API keys in Klaviyo. After creating a private API key, you should copy it to a secure location.

Scopes

API Key scopes allow you to restrict access for third parties using a private API key. Adding a scope helps you protect your and your customers’ data by limiting what third parties can access.

You can add any of the following scopes to any new private API key in Klaviyo:

  • Read-only
    Only allows third parties to view all data associated with the endpoint
  • Full
    Allows third parties to create, delete, or make changes to anything associated with that endpoint
  • Custom
    Allows you to decide how much access to give the third party

Note that you cannot add a scope to an existing private key, which have full access by default. You also cannot edit a private API key after it’s been created. If you need to remove access to a key based on its current scope, delete it and then create a new key with the correct scope.

Available scopes for each API 
API endpoint Associated scopes
Accounts accounts:read
Campaigns campaigns:read

campaigns:write

Conversations conversations:read

conversations:write

Catalogs catalogs:read

catalogs:write

Coupons coupons:read

coupons:write

Coupon codes coupon-codes:read

coupon-codes:write

Data privacy data-privacy:read

data-privacy:write

Events events:read

events:write (allows for creating/updating profiles)

Flows flows:read

flows:write

Images images:read

images:write

Lists lists:read

lists:write

Metrics metrics:read

metrics:write

Profiles profiles:read

profiles:write

Push tokens push-tokens:read

push-tokens:write

Reporting campaigns:read

flows:read

Segments segments:read

segments:write

Subscriptions subscriptions:read

subscriptions:write

Tags tags:read

tags:write

Templates templates:read

templates:write

For more information about how to add a scope to an API key, please refer to the how to create a scope for a private API key guide.