Solved

OAuth replacing API keys?



We have an app in the partner program, but recently we are being told to “Upgrade to OAuth for Continued App Listing”. We need our web app to start using OAuth, I guess. Is OAuth replacing the API keys from customers? Or is this simply how our app communicates with Klaviyo? But isn’t it the same thing? Right now we have a customer API key and it allows our app to do stuff. Now we need OAuth? What happens to the API key?

 


2 replies

hani
Problem Solver II
  • 2025 Champion
  • 16 replies
  • Answer
  • March 4, 2025

Not exactly. OAuth doesn’t directly replace the API keys your customers provide to connect their Klaviyo accounts to your app.

Instead, it replaces the way your app authenticates and interacts with Klaviyo’s APIs on behalf of those customers. Historically, apps might have relied on customers providing private API keys (generated within their Klaviyo accounts) to enable your app to access their data and perform actions.

With OAuth, this process changes: your app will now use an OAuth flow to obtain access tokens and refresh tokens, eliminating the need for customers to manually share private API keys with you.

The private API keys your customers have provided will still work for now, as Klaviyo hasn’t fully deprecated them yet. However, Klaviyo is moving toward phasing out private API key-based authentication for partner apps in favor of OAuth, especially for those listed in the Integrations Directory.
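
As an added illustration of the OAuth flow described in the answer above (not part of the original post and not Klaviyo's own code): a generic OAuth 2.0 authorization-code request with PKCE and a `state` check, the step that replaces asking a customer for a private API key. The endpoint URL, client ID, redirect URI and scope name are placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): take the real values from the provider's OAuth docs.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/oauth/callback"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def start_authorization(scopes):
    """Return (url, pending). The customer is sent to url to approve access;
    pending stays server-side in that customer's session."""
    verifier = _b64url(secrets.token_bytes(32))   # PKCE code_verifier (RFC 7636)
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    state = _b64url(secrets.token_bytes(16))      # ties the callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", {"state": state, "code_verifier": verifier}

def handle_callback(callback_url, pending):
    """Validate the redirect and build the form body for the token request."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    # POSTed to the token endpoint, this returns the access and refresh tokens.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": pending["code_verifier"],
    }
```

The tokens returned by the token endpoint are stored per customer account in place of the private API key, and the refresh token needs the same protection at rest that the key had.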


  • Author
  • Contributor I
  • 2 replies
  • March 5, 2025

How will independent web apps work then if customers do not need to share private API keys anymore? I am presuming an Integrations Directory listing will have the customer approve access to their account to allow OAuth to function, but a separate web app will not have that luxury. So API keys are still required if not in the Integrations Directory, correct?

 

