Skip to main content

Hi there,

We have created a Shopify app that connects a brand and their customers to our resale platform. Customers arrive at our web app via a client’s website and they resell their unwanted fashion through us. Brands can also resell their defective products, returns, and samples & seconds through us.

With the user’s consent, we want to be able to share key events back with the brands they came from so they can send out things like discount codes and other rewards. Things like: 

  • When the user sold an item
  • When they donated an item
  • When they registered with us, etc

I don’t know of any apps that share second party events like this. To my mind I’ve got 2 options:

  1. Securely capture and store a brand’s Klaviyo API key and use the APIs to send the events when they occur
  2. Create a Klaviyo app and add it to the Klaviyo integrations store/site

The second one seems like more work, but I’m a bit wary of capturing and storing API keys.

Has anyone seen or built something that operates in a similar way? Any advice would be appreciated

Hi ​@authentified-dave 

To ensure I fully understand your setup: You have a primary Klaviyo account connected to your store, with additional Klaviyo accounts created for each brand. You are looking for a way to post custom events from your main Klaviyo account to the other brand accounts. 

Could you please clarify how many brands are involved? Are you intending to implement this functionality using Klaviyo Flows? 

You can incorporate a webhook action, as described here: https://help.klaviyo.com/hc/en-us/articles/4534329515931, configured with the private key of the respective account. 

In my view, implementing an OAuth app within Klaviyo may be more complex than necessary unless the management of custom events occurs outside of Klaviyo.

Hi ​@authentified-dave 
@whereisjad ha ssaid alot but have attention to this

Great use case you're thinking in the right direction.

You're right that storing API keys brings security and compliance risks, especially at scale. Unless you're handling keys with strong encryption and controls, it's better to avoid this route.

Creating a Klaviyo integration (public app) is more work upfront but far safer and scalable. It lets brands authorize your app via OAuth, and you send events securely using their tokens. This is how most professional apps integrate.

I haven’t seen many second-party event setups like this, but building a Klaviyo integration tailored to resale events could be a unique value add.

Hope that helps! Let me know if you want to brainstorm integration structure.

Thanks ​@mike digital101 / ​@whereisjad — sounds like my assumptions are correct. I don’t necessarily mind storing API keys with our setup, as it’s very secure and we’re doing all the right things to keep customer information safe — but I always like to keep as much distance as I can from stuff like that.

I might play around with creating a dummy Oauth app and see what the experience is like before I make a firm commitment either way

Hello ​@authentified-dave 

You're thinking in the right direction.

If you're working with just a few trusted brands, storing their Klaviyo API keys securely can work for now — as long as you're handling encryption and access properly.

But if you're planning to scale, building a Klaviyo OAuth app is the better route. It's safer, more professional, and makes it easier for brands to connect without sharing sensitive keys.

Your second-party event use case is unique and adds real value. Testing with a dummy OAuth app is a smart move.

Let me know if you want help mapping out the OAuth flow or event structure. I can help you with that

Terms & Conditions

Links & Resources

Platforms

Partners

Useful Things

About

  • Terms and Privacy |
    © 2024 Klaviyo All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.