Skip to main content
Dive into the data that defined Black Friday and Cyber Monday

Increase security to your private API keys and set levels of access through scopes

Profile photo of author Anthony DelPizzo
Anthony DelPizzo
2 min read
Klaviyo news
October 20, 2022

Today, security and data protection are more important than ever. There have been 3 billion more cybersecurity attacks on consumers in 2022 compared to 2021, and it’s estimated that this number will continue to rise over 15% year over year. The main causes of these attacks come from misconfigurations, human error, poor maintenance, and unknown assets. Today, we’re tackling some of these issues and increasing the security of our platform by releasing scopes for private API keys. Scopes allow you to provide custom access to each of your API endpoints, giving you the ability to set specific limitations when sharing private API keys with a third party, like a developer, partner, or other application.

In case you’re not familiar, an API key is a unique identifier used to authenticate a user, developer, or calling program to an API. In other words, a private API key is the key that unlocks the door between your data in Klaviyo and the data a third party needs access to in order to do certain things, like send data to another tool or system in your marketing tech stack. 

There are all kinds of benefits to integrating your other tools with Klaviyo’s built-in CDP, and in some cases, you might need to use a private API key to build those connections. Now, with scopes defined, you can increase security when sharing your private API keys with someone else, ensuring that your data — and the data of your customers — is always protected.  

Getting started with scopes

Adding scopes to your private API keys is a breeze. Each time you generate a new private API key, you will automatically be asked to select the scope of each endpoint — allowing you to customize access depending on the recipient. For private API keys that already exist, you simply can generate a new private key, set its scopes, and replace the old key. It’s best practice to rotate your private API keys regularly, anyway. 

Want to secure your private API keys more effectively? View your API keys in your Klaviyo account settings today. And for more information on how to create a scope for a private API key, check out our Help Center

Creating private API keys is simple in Klaviyo

 

Related content

Klaviyo news
Dec 9, 2025
Welcome Chano Fernández, Klaviyo’s new Co-CEO 

Klaviyo welcomes Chano Fernández as Co-CEO to help accelerate global growth and lead the next era of AI-powered customer experiences.

Klaviyo news
Dec 2, 2025
How the rise of text messaging shaped BFCM 2025

Discover how cross-channel marketing and the rise of SMS shaped BFCM 2025. Learn why email + text orchestration drove record engagement, efficiency, and revenue.

Klaviyo news
Dec 2, 2025
AOV holds firm over BFCM, even as prices rise

AOV stayed strong during BFCM 2025 despite rising prices. Learn why average order values held steady, what drove pricing power, and how brands can protect margins.