Only Owners or Admins can access the API keys tab.

Find out how to access and manage your API keys for your Klaviyo account. 

If you want to learn about creating or cloning a private API key, read how to create private API keys

Difference between public and private API keys

Difference between public and private API keys

Your public API key is also called your Site ID. This is a short alphanumeric value. This public key is a unique identifier for your Klaviyo account, and there is only one per account. It is safe to expose your public API key, as this key cannot be used to access data in your Klaviyo account.

Private API keys are used for reading data from Klaviyo and manipulating some sensitive objects, such as lists. Treat private API keys like passwords: kept in a safe place and never exposed to the public. A Klaviyo account can generate as many private API keys as needed. 

What to do if your API key is exposed

What to do if your API key is exposed

Since public API keys are generally an identifier, there's no risk if a public API key is exposed. 

The same is not true for private API keys. Private API keys can give someone access or permissions that they shouldn't have, such as allowing them to view or edit customer data. 

If a private API key is exposed, you should immediately create a new private API key and deactivate the old one. In addition, consider what permissions that private API key should have and use a different private API key for each application. 

Find your API keys

Find your API keys

You will not be able view any private API key after creating it. Instead, you should treat private API keys like a password: only sharing these keys with parties you trust and saving them in a secure place, such as a vault or password manager.

  1. Click your account name in the lower left.
  2. Click Settings.
    settings.jpg
  3. Select the API keys tab. 
  4. View your public API key (i.e., site ID).
    • You can see the names of your private API keys but will not be able to view the key itself.
      API key tab in account settings
Cloning private API keys

Cloning private API keys

While you can clone existing private API keys, the cloned key will:

  • Be an entirely different key from the original. 
  • Use the same name as the original. 
  • Have the same scopes as the original.
Additional resources

Additional resources

Was this article helpful?
Use this form only for article feedback. Learn how to contact support.

Explore more from Klaviyo

Community
Connect with peers, partners, and Klaviyo experts to find inspiration, share insights, and get answers to all of your questions.
Live training
Join a live session with Klaviyo experts to learn about best practices, how to set up key features, and more.
Support

Access support through your account.

Email support (free trial and paid accounts) Available 24/7

Chat/virtual assistance
Availability varies by location and plan type