V2 API key invalid for Get List and Segment Members but is valid for other requests

  • 23 November 2022
  • 6 replies

Badge +1

I have a private API key that I am using to authenticate API calls to the v1-v2 legacy version of the API.

The API key works when I call the following endpoints:
- v1/lists
- v1/metrics
- v1/flows
- v1/campaigns

But, when I call this endpoint: "v2/group/LIST_OR_SEGMENT_ID/members/all" I get a 403 response with a message "The API key specified is invalid." 

How can this API work for all attempted endpoints except when trying to get the members of a list or segment?


Best answer by Brian Turcotte 30 December 2022, 16:56

View original

6 replies

Userlevel 7
Badge +33

Hi @jjdinho and welcome to the Community!


If you are definitely using the same valid Private API Key for this call, there’s a chance that the error could be caused by an invalid List or Segment ID. I would primarily suggest to double-check if the ID is the same as the desired list or segment.


I will check with our engineering team to determine if there could be other reasons why this error would appear, but in the meantime, there is a potential workaround mentioned in this thread:

exporting the list(s) and segment(s) in question through a .csv file is another way to retrieve both a subscriber count and all details pertaining to those profiles. Also, keep in mind that only Klaviyo users with the Owner, Admin, or Analyst roles have the ability to export lists and segments.




Thanks for using the Community!


- Brian

Badge +1

Hey Brian,

Thanks for you timely response.

I dug a bit deeper and found some details that could help: I am using a Segment ID. This segment id is the first value return when querying the "v1/lists" endpoint. So the segment definitely exists. But I still get a 403 error code response when using that Segment ID to query the "v2/group/LIST_OR_SEGMENT_ID/members/all" endpoint.

Could it be that the api key has permission to read list data but not segment data? Or that is does not have permission to read member data of lists & segments?

It that was the case, however, I would expect a 401 error response, according to the documentation.

Hope that info helps.

Thanks again.


Badge +1

Any update on this @Brian Turcotte ?

Userlevel 7
Badge +33

Hi @jjdinho!


Sorry for the delay in my response to this thread, but here’s a possible cause of this issue. When you create a Private Key, you have the option to choose the access levels of the Key for each API scope. In order to call this endpoint, the API Key needs to have at least read access to Profiles, Lists and Segments:

You can check the access levels of the existing Key in Settings > API Keys > Private API Keys and expanding the desired Key info:


If the key doesn’t have at least read access to Profiles, List and Segments, then you will have to create a new Key with those permissions from that same page.


I hope this helps, and thanks again for using the Community!


Badge +1

Hey Brian,

Thanks for your response. I agree with your analysis and think that it probably was key permissions-related.

I would recommended updating the error sent back in the response for this kind of situation. According to the documentation, a key permission issue should probably return a 401 error ("Not Authorized: Key is valid, but account does not have permissions to perform this action"). For me, it was returning a 403 error ("Forbidden: Request is missing or has an invalid API key"), which is misleading, because the key was working for many other requests/endpoints.

Thanks again for getting back to me.


Userlevel 7
Badge +33

Hi @jjdinho,


Good point! I’ll make sure to forward that feedback to our product team.