Skip to main content
Solved

Klaviyo Back in stock with api

  • December 4, 2024
  • 1 reply
  • 22 views

Forum|alt.badge.img

Hi, I am trying to add back in stock in Shopify using new Klaviyo api as previous one is depreciated and not working but i am getting  Cors policy error. 

Following is the code please help me what I am doing wrong. 

 

const settings = {
  async: true,
  crossDomain: true,
  url: 'https://a.klaviyo.com/api/back-in-stock-subscriptions',
  method: 'POST',
  headers: {
    accept: 'application/vnd.api+json',
    revision: '2024-10-15',
    'content-type': 'application/vnd.api+json',
    Authorization: 'XBfV5N pk_0d7d1911eb8824c6ee8265ac16f16bcf9f'
  },

  data: {
    "type": "back-in-stock-subscription",
    "attributes": {
      "profile": {
        "data": {
            "type": "profile",
            "attributes": {
                "email": "matt.kemp@klaviyo-demo.com"
            }
        }
      },
      "channels": ["EMAIL"],
    },
    "relationships": {
      "variant": {
        "data": {
          "type": "catalog-variant",
          "id": "$shopify:::$default:::40800102350963"
        }
      }
    }
  }

};

$.ajax(settings).done(res => {
  console.log(res);

Best answer by ryankelly

It looks like you’re calling the server-side endpoint. For this, the authorization value is of the format:

Klavyio-API-Key your_private_key_value

You seem to have your public API key value followed by a private API key value.

This endpoint should only be used from server-side calls, with a private API key.

You are probably getting the CORS error because you are calling a server-side endpoint from a client (eg, browser).

If you intend to make a call from the client-side (which I think may be your intention), you need to use the client-side endpoint, which uses your public API key as a query parameter.

Additionally, you should rotate your private API key now as it has been posted in plain text in this post.

View original
Did this topic or the replies in the thread help you find an answer to your question?

1 reply

  • Klaviyo Employee
  • 4 replies
  • Answer
  • December 4, 2024

It looks like you’re calling the server-side endpoint. For this, the authorization value is of the format:

Klavyio-API-Key your_private_key_value

You seem to have your public API key value followed by a private API key value.

This endpoint should only be used from server-side calls, with a private API key.

You are probably getting the CORS error because you are calling a server-side endpoint from a client (eg, browser).

If you intend to make a call from the client-side (which I think may be your intention), you need to use the client-side endpoint, which uses your public API key as a query parameter.

Additionally, you should rotate your private API key now as it has been posted in plain text in this post.