Klaviyo uses public and private API keys to authenticate API requests. You can obtain and make changes to your API keys from your account's Settings page under the API Keys tab. To manage API keys, you must have an Owner, Admin, or Manager role on the account.
Your 6-character public key, sometimes referred to as a site ID, is a short alphanumeric string that serves as the unique identifier for your Klaviyo account.
Private keys will have the prefix
pk_ followed by a longer alphanumeric string. Klaviyo allows you to generate multiple private keys for your applications.
Your private API keys can be used to read and write data to your Klaviyo account and should never be exposed in client-side code or made accessible from public repositories.
API Key scopes allow you to restrict access for third parties using a private API key. Adding a scope helps you protect your and your customers’ data by limiting what third parties can access.
You can add any of the following scopes to any new private API key in Klaviyo:
Only allows third parties to view all data associated with the endpoint
Allows third parties to create, delete, or make changes to anything associated with that endpoint
Allows you to decide how much access to give the third party
Note that you cannot add a scope to an existing private key, which have full access by default. You also cannot edit a private API key after it’s been created. If you need to remove access to a key based on its current scope, delete it and then create a new key with the correct scope.
For more information about the supported scopes for each endpoint and how to add a scope to an API key, please refer to the how to create a scope for a private API key guide.
Updated 4 months ago