Hello @TriArpan.io,
Thanks for sharing your question with the Klaviyo Community!
If you were interested in incorporating Klaviyo’s Subscribe to List endpoint API as part of your own custom WordPress plugin to give users the capability to signup and subscribe to a Klaviyo list through your plugin, you certain can.
Klaviyo’s API is highly customizable and flexible to be incorporated into whatever integration or connection you are building. When using Klaviyo’s Subscribe endpoint to trigger the Subscribe to List metric, despite requiring the use of your account’s Private API key, this shouldn’t be exposed on your website as this sort of request is a server-side request made within your backend.
The only instance where your private API key may be exposed would be if you managed to expose it via your front-end; which if it were the case would pose a security risk and we recommend reviewing your site and how its coded to omit this risk.
I’ve also included some resources that may help you further understand Klaviyo’s APIs and using it for custom work below:
In addition, since you have received a notice that your private API key has been exposed, and this sort of function pertains to custom coding, I would highly recommend reviewing your site and how you have attempted to make requests to Klaviyo’s Subscribe endpoint to your WordPress plugin with your developer.
I hope this helps!
David