How to create a private API key – Klaviyo - Help Center

You will learn

Learn how to create a private API key with a scope.

A scope allows you to restrict access for third parties using a private API key. Adding a scope helps you protect your and your customers’ data by limiting what third parties can access.

Before you begin

You can add any of the following scopes to any new private API key in Klaviyo.

Read-only
Only allows third parties to view all data associated with the endpoint
Full
Allows third parties to create, delete, or make changes to anything associated with that endpoint
Custom
Allows you to decide how much access to give the third party

Note that you cannot add a scope to an existing private key, which have full access by default. You also cannot edit a private API key after it’s been created. If you need to remove access to a key based on its current scope, delete it and then create a new key with the correct scope.

Available scopes for each API

New API endpoint	Associated scopes
/api/catalogs	catalogs:read catalogs:full
/api/flows	flows:read flows:full
/api/tags	tags:read tags:full
/api/lists/	lists:read lists:full
/api/segments	segments:read segments:full
/api/profiles	profiles:read profiles:full
/api/data-privacy	data-privacy:read data-privacy:full
/api/campaigns	campaigns:read campaigns:full
/api/metrics	metrics:read metrics:full
/api/events	events:read events:full
/api/templates	templates:read templates:full

POST new API endpoint

Associated scopes

POST /api/events

events:read

events:write

POST /api/profiles

profiles:read

profiles:write

Add a scope to a private API key

Navigate to Account > Settings
Click API Keys
Click Create Private API Key
Name the API key
Choose the scope you want to give the API key:
- Read-only
- Full
- Custom
Select Create

Now, when you share a private API key, the third party will only have access to the information you defined in the scope.

Using queries

Include

Note that if you try to use the include query, you will have to change the format from what’s listed above.

For example, the profiles endpoint is /api/profiles.

However, if you add the include query parameter (/api/profiles?include=list), you will also need list:read or list:full access, depending on what type of API call you’re making.

Scopes

Using the scopes parameter, you can create a URL parameter to autofill in what scope access you need for your private API key.

In the scopes query, include a comma-separated list of the scopes you want to preselect.

An example URL is:
https://www.klaviyo.com/create-private-api-key?scopes=campaigns:read,campaigns:write

The scopes you can use in this query are:

Campaigns
- campaigns:read,
- campaigns:write,
Catalogs
- catalogs:read,
- catalogs:write,
Data privacy
- data-privacy:read,
- data-privacy:write,
Events
- events:read,
- events:write,
Flows
- flows:read,
- flows:write,
List
- list:read,
- list:write,
Metrics
- metrics:read,
- metrics:write,
Profiles
- profiles:read,
- profiles:write,
Segments
- segments:read,
- segments:write,
Subscriptions
- subscriptions:read,
- subscriptions:write,
Tags
- tags:read,
- tags:write,
Templates
- templates:read,
- template:write

Additional resources

See our article on getting started with Klaviyo APIs
Check out more developer docs
Overview of our new APIs (beta)