Increase security to your private API keys and set levels of access through scopes
Today, security and data protection are more important than ever. There have been 3 billion more cybersecurity attacks on consumers in 2022 compared to 2021, and it’s estimated that this number will continue to rise over 15% year over year. The main causes of these attacks come from misconfigurations, human error, poor maintenance, and unknown assets. Today, we’re tackling some of these issues and increasing the security of our platform by releasing scopes for private API keys. Scopes allow you to provide custom access to each of your API endpoints, giving you the ability to set specific limitations when sharing private API keys with a third party, like a developer, partner, or other application.
In case you’re not familiar, an API key is a unique identifier used to authenticate a user, developer, or calling program to an API. In other words, a private API key is the key that unlocks the door between your data in Klaviyo and the data a third party needs access to in order to do certain things, like send data to another tool or system in your marketing tech stack.
There are all kinds of benefits to integrating your other tools with Klaviyo’s built-in CDP, and in some cases, you might need to use a private API key to build those connections. Now, with scopes defined, you can increase security when sharing your private API keys with someone else, ensuring that your data — and the data of your customers — is always protected.
Getting started with scopes
Adding scopes to your private API keys is a breeze. Each time you generate a new private API key, you will automatically be asked to select the scope of each endpoint — allowing you to customize access depending on the recipient. For private API keys that already exist, you simply can generate a new private key, set its scopes, and replace the old key. It’s best practice to rotate your private API keys regularly, anyway.
Want to secure your private API keys more effectively? View your API keys in your Klaviyo account settings today. And for more information on how to create a scope for a private API key, check out our Help Center.