Klaviyo API Key
Service Name: Klaviyo
Service Description: Klaviyo is a marketing automation platform that helps businesses create personalized customer experiences through email, SMS, and other communication channels.
Service Address: https://www.klaviyo.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Klaviyo account data, including customer lists, campaigns, metrics, and the ability to send communications.
Secret Revokement URL: https://www.klaviyo.com/account#api-keys-tab
Secret Example: pk_1234567890abcdef1234567890abcdef12
Suspicious Activity Investigation Instructions:
- Check Klaviyo account for unauthorized campaigns or communications sent.
- Review account activity logs for unusual access patterns or locations.
- Check for unauthorized changes to customer lists, segments, or flows.
- Monitor for unexpected API calls or data exports.
- Verify if any new integrations have been added to your Klaviyo account.
Mitigation Instructions:
- Immediately revoke the compromised API key in the Klaviyo dashboard.
- Navigate to your Klaviyo account settings > API Keys.
- Delete the compromised key.
- Create a new API key with appropriate permissions.
- Update any legitimate applications that were using the old key.
- Review and update security settings for your Klaviyo account.
- Enable two-factor authentication if not already enabled.
- Notify your security team about the potential breach.