You will learn
Learn how to create a private API key with a scope.
A scope allows you to restrict access for third parties using a private API key. Adding a scope helps you protect your and your customers’ data by limiting what third parties can access.
Before you begin
You can add any of the following scopes to any new private API key in Klaviyo.
- Read-only
Only allows third parties to view all data associated with the endpoint - Full
Allows third parties to create, delete, or make changes to anything associated with that endpoint - Custom
Allows you to decide how much access to give the third party
Note that you cannot add a scope to an existing private key, which have full access by default. You also cannot edit a private API key after it’s been created. If you need to remove access to a key based on its current scope, delete it and then create a new key with the correct scope.
New API endpoint |
Associated scopes |
/api/catalogs |
catalogs:read catalogs:full |
/api/flows |
flows:read flows:full |
/api/tags |
tags:read tags:full |
/api/lists/ |
lists:read lists:full |
/api/segments |
segments:read segments:full |
/api/profiles |
profiles:read profiles:full |
/api/data-privacy |
data-privacy:read data-privacy:full |
/api/campaigns |
campaigns:read campaigns:full |
/api/metrics |
metrics:read metrics:full |
/api/events |
events:read events:full |
/api/templates |
templates:read templates:full |
POST new API endpoint |
Associated scopes |
POST /api/events |
events:read events:write |
POST /api/profiles |
profiles:read profiles:write |
Add a scope to a private API key
- Navigate to Account > Settings
- Click API Keys
- Click Create Private API Key
- Name the API key
- Choose the scope you want to give the API key:
- Read-only
- Full
- Custom
- Select Create
Now, when you share a private API key, the third party will only have access to the information you defined in the scope.
Using queries
Include
Note that if you try to use the include
query, you will have to change the format from what’s listed above.
For example, the profiles endpoint is /api/profiles.
However, if you add the include query parameter (/api/profiles?include=list), you will also need list:read or list:full access, depending on what type of API call you’re making.
Scopes
Using the scopes
parameter, you can create a URL parameter to autofill in what scope access you need for your private API key.
In the scopes query, include a comma-separated list of the scopes you want to preselect.
An example URL is:
https://www.klaviyo.com/create-private-api-key?scopes=campaigns:read,campaigns:write
- Campaigns
- campaigns:read,
- campaigns:write,
- Catalogs
- catalogs:read,
- catalogs:write,
- Data privacy
- data-privacy:read,
- data-privacy:write,
- Events
- events:read,
- events:write,
- Flows
- flows:read,
- flows:write,
- List
- list:read,
- list:write,
- Metrics
- metrics:read,
- metrics:write,
- Profiles
- profiles:read,
- profiles:write,
- Segments
- segments:read,
- segments:write,
- Subscriptions
- subscriptions:read,
- subscriptions:write,
- Tags
- tags:read,
- tags:write,
- Templates
- templates:read,
- template:write
Additional resources
- See our article on getting started with Klaviyo APIs
- Check out more developer docs
- Overview of our new APIs (beta)