How to create a scope for a private API key

read
Last updated at:

You will learn

Learn how to create a private API key with a scope. 

A scope allows you to restrict access for third parties using a private API key. Adding a scope helps you protect your and your customers’ data by limiting what third parties can access.

This feature is currently in limited availability. If you don’t see this option when creating a new private API key, please stay tuned!  

Before you begin

You can add any of the following scopes to any new private API key in Klaviyo.

  • Read-only
    Only allows third parties to view all data associated with the endpoint
  • Full
    Allows third parties to create, delete, or make changes to anything associated with that endpoint
  • Custom
    Allows you to decide how much access to give the third party

Note that you cannot add a scope to an existing private key, which have full access by default. You also cannot edit a private API key after it’s been created. If you need to remove access to a key based on its current scope, delete it and then create a new key with the correct scope.

Available scopes for each API

New API endpoint

Associated scopes

/api/catalogs

catalogs:read

catalogs:full

/api/flows

flows:read

flows:full

/api/tags

tags:read

tags:full

/api/lists/

lists:read

lists:full

/api/segments

segments:read

segments:full

/api/profiles

profiles:read

profiles:full

/api/data-privacy

data-privacy:read

data-privacy:full

/api/campaigns

campaigns:read

campaigns:full

/api/metrics

metrics:read

metrics:full

/api/events

events:read

events:full

/api/templates

templates:read

templates:full

POST new API endpoint

Associated scopes

POST /api/events

events:read

events:write

POST /api/profiles

profiles:read

profiles:write

Note that if you try to use the include query, you will have to change the format from what’s listed above.

For example, the profiles endpoint is /api/profiles.

However, if you add the include query parameter (/api/profiles?include=list), you will also need list:read or list:full access, depending on what type of API call you’re making.

Add a scope to a private API key 

  1. Navigate to Account > Settings
  2. Click API Keys
    The API Keys page in your account's settings
  3. Click Create Private API Key
  4. Name the API key 
  5. Choose the scope you want to give the API key:
    • Read-only
    • Full
    • Custom
      Page to create a private API key with a scope
  6. Select Create 

Now, when you share a private API key, the third party will only have access to the information you defined in the scope. 

Additional resources

x
Was this article helpful?
0 out of 1 found this helpful