HomeGuidesAPI Reference
ChangelogHelp CenterCommunityContact Us
These docs are for v1-2. Click to read the latest docs for v2024-05-15.


Learn how to authenticate requests to Klaviyo's two sets of endpoints.

API keys are always required to authenticate API requests. If you do not use an API key for your requests, or if you use a key from the wrong account, your call will return an error. A 400 error indicates an invalid or missing API key.

Track and Identify APIs

These APIs do not adhere to REST principles. Authenticate to these APIs using your 6-character public API key, also known as a site ID. The public key must be set as the token key in the base64-encoded payload of your request. For more details, see Track & Identify.


For your account's security, we strongly recommend never using a private API key with the Track and Identify APIs.

curl --request POST \
     --url 'https://a.klaviyo.com/api/track' \
     --header 'Accept: text/html' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data 'data={"token": "PUBLIC_KEY"}'


The RESTful APIs use private API keys. Your private API key is passed using the query parameter api_key with each request.

curl --request POST \
     --url 'https://a.klaviyo.com/api/v2/lists?api_key=PRIVATE_KEY' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data list_name=ListName

Check out the API overview to learn more about how these two core sets of APIs differ.