Skip to content

Klaviyo API Key

Service Name: Klaviyo

Service Description: Klaviyo is a marketing automation platform that helps businesses create personalized customer experiences through email, SMS, and other communication channels.

Service Address: https://www.klaviyo.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Klaviyo account data, including customer lists, campaigns, metrics, and the ability to send communications.

Secret Revokement URL: https://www.klaviyo.com/account#api-keys-tab

Secret Example: pk_1234567890abcdef1234567890abcdef12

Suspicious Activity Investigation Instructions:

  • Check Klaviyo account for unauthorized campaigns or communications sent.
  • Review account activity logs for unusual access patterns or locations.
  • Check for unauthorized changes to customer lists, segments, or flows.
  • Monitor for unexpected API calls or data exports.
  • Verify if any new integrations have been added to your Klaviyo account.

Mitigation Instructions:

  • Immediately revoke the compromised API key in the Klaviyo dashboard.
  • Navigate to your Klaviyo account settings > API Keys.
  • Delete the compromised key.
  • Create a new API key with appropriate permissions.
  • Update any legitimate applications that were using the old key.
  • Review and update security settings for your Klaviyo account.
  • Enable two-factor authentication if not already enabled.
  • Notify your security team about the potential breach.