Solved

Does Klaviyo API support CORs requests?

  • 8 February 2021
  • 5 replies
  • 706 views

Badge

I’m trying using the list subscribe endpoint (https://a.klaviyo.com/api/v2/list/<list-id>/subscribe) and the API isn’t returning Access Control Allow Origin headers so the browser is blocking the request. Does the Klaviyo API support CORs requests in the browser?
 

 

icon

Best answer by Paul S 12 February 2021, 20:44

Hi @ca136 


Our server-side APIs are set up to deny incoming connections from the front-end in order to prevent people from exposing their sensitive private API keys which are required for these endpoints. When sending subscriptions to Klaviyo, here are our recommended approaches:

  • If you want to use an API endpoint, use the server-side subscribe endpoint from a server-side location
  • If you do not have access to a server-side location for your platform (eg. you’re on a hosted platform), you can set up a proxy which routes a request to subscribe from your front-end to this proxy in order to send the server-side request
  • Alternatively, an easy way to set up subscribes from the front-end would be to use our built-in forms or one of our partner integrations who offer subscription forms

Hope that information helps but if you need additional information, please do follow up.

 

 

View original

5 replies

Userlevel 5
Badge +3

Hi @ca136 


Our server-side APIs are set up to deny incoming connections from the front-end in order to prevent people from exposing their sensitive private API keys which are required for these endpoints. When sending subscriptions to Klaviyo, here are our recommended approaches:

  • If you want to use an API endpoint, use the server-side subscribe endpoint from a server-side location
  • If you do not have access to a server-side location for your platform (eg. you’re on a hosted platform), you can set up a proxy which routes a request to subscribe from your front-end to this proxy in order to send the server-side request
  • Alternatively, an easy way to set up subscribes from the front-end would be to use our built-in forms or one of our partner integrations who offer subscription forms

Hope that information helps but if you need additional information, please do follow up.

 

 

Badge

im having the same issue with a game i made for a client , Im using the members endpoint. the post request gets blocked. how can i handle that please?did you find a way to make it happen?

Badge

Can we use Google Cloud function to call Klaviyo API to collect SMS consent?

Badge

Hi @ca136 


Our server-side APIs are set up to deny incoming connections from the front-end in order to prevent people from exposing their sensitive private API keys which are required for these endpoints. When sending subscriptions to Klaviyo, here are our recommended approaches:

  • If you want to use an API endpoint, use the server-side subscribe endpoint from a server-side location
  • If you do not have access to a server-side location for your platform (eg. you’re on a hosted platform), you can set up a proxy which routes a request to subscribe from your front-end to this proxy in order to send the server-side request
  • Alternatively, an easy way to set up subscribes from the front-end would be to use our built-in forms or one of our partner integrations who offer subscription forms

Hope that information helps but if you need additional information, please do follow up.

 

 

Can we use Google Cloud function to call Klaviyo API to collect SMS consent?

Userlevel 5
Badge +4

Hi @himalay,

Thank you for the follow-up note.

I spoke to the point on collecting SMS consent via Google Cloud in my post below.

In short, Klaviyo does not have a formal SMS subscription pathway for Google Cloud so we cannot say for certain that this will work. All of Klaviyo’s methods to gather SMS subscriptions are outlined in Klaviyo’s Guide to Collecting SMS Consent. If you decide to test this subscription method using Google Cloud, you should keep in mind the general guidelines outlined in the post linked above, and be careful using the front-end so Google Cloud does not risk exposing your private API key for security purposes. 

Thanks and have a great day.

Reply