Skip to main content
Solved

Klaviyo data privacy api issues

  • April 15, 2026
  • 4 replies
  • 108 views
E
Contributor I
Forum|alt.badge.img

We’re getting 401 responses from the Data Privacy APIs (profile delete).

A few observations:

  • Non-existing profiles continue to return 404 as expected
  • Existing profiles can no longer be deleted using the API
  • Other APIs using the same private key are working fine
  • Behaviour is consistent in both staging and production
  • Deletions were working successfully up to April 14

Sample error:

{
  "errors": [
    {
      "id": "9917507d-f1c9-4fdb-90aa-a3311cc85ffc",
      "status": 401,
      "code": "authentication_failed",
      "title": "Incorrect authentication credentials.",
      "detail": "Missing or invalid authorization",
      "source": {
        "pointer": "/data/"
      }
    }
  ]}

It appears to affect only existing profiles — non-existent profiles are returning 404 as expected, not 401.

does someone know if there is any ground breaking changes today.

Best answer by MANSIR2094

Hello ​@ekalvyaa 

Over the few times I 've worked with the data privacy API, this kind of 401 usually isn't about the key being wrong, especially since other endpoints still work. It often shows up when klaviyo tightens permission checked on delete actions after an API revision.
Since it stopped around April 14 for you both or as many people, I suspect a silent change in authorization handling or required scopes for profile deletion. What I would actually check From experience, is to regenerate a fresh private key with full data privacy permissions, confirm the exact header format being aent, and verify the API revision version in the request. I have seen older revisions keep working for other calls but fail specifically on delete endpoint..

Still learning deeper parts of the API myself but similar cases this turned out to be permission or revision related rather than a code bug. Happy to compare notes if you find anything new.

Mansir~

4 replies

A
Contributor I
  • ap123
  • Contributor I
  • April 15, 2026

Same thing happening for us. Was working fine until around April 14th 19:00 UTC. Maybe it has something to do with the new revision of the API they released today?

    MANSIR2094
    Expert Problem Solver IV
    Forum|alt.badge.img+21
    • MANSIR2094
    • Expert Problem Solver IV
    • Answer
    • April 15, 2026

    Hello ​@ekalvyaa 

    Over the few times I 've worked with the data privacy API, this kind of 401 usually isn't about the key being wrong, especially since other endpoints still work. It often shows up when klaviyo tightens permission checked on delete actions after an API revision.
    Since it stopped around April 14 for you both or as many people, I suspect a silent change in authorization handling or required scopes for profile deletion. What I would actually check From experience, is to regenerate a fresh private key with full data privacy permissions, confirm the exact header format being aent, and verify the API revision version in the request. I have seen older revisions keep working for other calls but fail specifically on delete endpoint..

    Still learning deeper parts of the API myself but similar cases this turned out to be permission or revision related rather than a code bug. Happy to compare notes if you find anything new.

    Mansir~

    Mansir Digital Portfolio
    R
    Contributor I
    • rohan02
    • Contributor I
    • April 15, 2026

    We’re getting 401 responses from the Data Privacy APIs (profile delete).

    A few observations:

    • Non-existing profiles continue to return 404 as expected
    • Existing profiles can no longer be deleted using the API
    • Other APIs using the same private key are working fine
    • Behaviour is consistent in both staging and production
    • Deletions were working successfully up to April 14

    Sample error:

    {
      "errors": [
        {
          "id": "9917507d-f1c9-4fdb-90aa-a3311cc85ffc",
          "status": 401,
          "code": "authentication_failed",
          "title": "Incorrect authentication credentials.",
          "detail": "Missing or invalid authorization",
          "source": {
            "pointer": "/data/"
          }
        }
      ]}

    It appears to affect only existing profiles — non-existent profiles are returning 404 as expected, not 401.

    does someone know if there is any ground breaking changes today.

    No known global breaking change today.

    This looks like a Data Privacy delete endpoint auth/scope change or stricter permission check since Apr 14. Key likely missing required privacy/deletion scope or new auth rule for that endpoint.

    E
    Contributor I
    Forum|alt.badge.img
    • ekalvyaa
    • Author
    • Contributor I
    • April 16, 2026

    @MANSIR2094 ​@rohan02 
    The issue is automatically resolved now. I think they rolled out fixes.

      Ask a Question Widget
      Terms & ConditionsAccessibility statement

      Links & Resources

      Platforms

      Partners

      Useful Things

      About

      • Terms and Privacy |
        © 2026 Klaviyo All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.