Authenticate
Learn how to authenticate requests to Klaviyo's two sets of endpoints.
API keys are always required to authenticate API requests. If you do not use an API key for your requests, or if you use a key from the wrong account, your call will return an error. A 400 error indicates an invalid or missing API key.
Track and Identify APIs
These APIs do not adhere to REST principles. Authenticate to these APIs using your 6-character public API key, also known as a site ID. The public key must be set as the token key in the base64-encoded payload of your request. For more details, see Track & Identify.
For your account's security, we strongly recommend never using a private API key with the Track and Identify APIs.
curl --request POST \
--url 'https://a.klaviyo.com/api/track' \
--header 'Accept: text/html' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'data={"token": "PUBLIC_KEY"}'
RESTful API
The RESTful APIs use private API keys. Your private API key is passed using the query parameter api_key with each request.
curl --request POST \
--url 'https://a.klaviyo.com/api/v2/lists?api_key=PRIVATE_KEY' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data list_name=ListName
Check out the API overview to learn more about how these two core sets of APIs differ.
Updated about 2 years ago