Skip to main content

Hello people,


I am reaching out with an important question regarding Klaviyo’s migration away from the classic API authorization and to the new OAuth 2 system.


For many of my clients, in their flows I use the “Webhook” action in order to send custom events to profiles that enter flows that enrich data and segmentation across the account. All of my flows for instance contain webhooks that send out an “Update Profile” custom event that updates a custom property profile to TRUE and after a certain number of days to FALSE in another flow so we do not send, for instance, abandoned cart emails to a profile that is already in a welcome flow. 


We also send custom webhooks to sunset certain profiles, or do general profile maintenance.


We send these webhooks to klaviyo API endpoints. And now my question is: How will we be able to send webhooks to Klaviyo endpoints after the full migration to OAuth 2? Is Klaviyo actively thinking of a solution in order to use their API endpoints in flows? Will we be able to use Klaviyo OAuth as an integration in our Klaviyo accounts?


Really stressed about the migration as I haven’t been able to find any useful articles on the internet regarding a workaround for this.


Thanks!
 

Hey ​@costrut, I’d say it’s unlikely Klaviyo will fully sunset private api keys in the foreseeable future for individual account use, e.g. flow webhook API calls. If they *are* going to retire private api keys entirely, they’ll have to do a formal deprecation process, similar to what was done for the v1/v2 retirement and likely give at least a 1-2y heads-up.

If you’re trying to build an app listed on the app marketplace, you need to use OAuth.

 

Hello ​@costrut

Thanks so much for reaching out and for explaining your setup so clearly — I completely understand your concern about Klaviyo’s move to the new OAuth 2.0 system.

To be upfront with you — this isn’t something to panic about, but it’s definitely something to start preparing for now. Klaviyo is officially moving away from the old API key authorization and switching everything over to OAuth 2.0, which changes how your webhook calls and automations connect to Klaviyo’s API.

Here’s what this means in simple terms:

  • You’ll still be able to use webhooks to send data, update profiles, and trigger custom events — but those webhook calls will soon need to be authenticated using OAuth tokens instead of your private API keys.

  • Klaviyo hasn’t yet released detailed instructions for how Flow webhooks (like your “Update Profile” ones) will handle OAuth inside the Flow builder itself. So for now, it’s expected that this will change, but not immediately break.

  • It’s smart to start preparing your setup now to avoid any disruptions when the full migration happens.

Here’s what you can start doing:

  1. Create or connect an OAuth app in Klaviyo — this gives you a secure access token.

  2. Update your webhooks to use Authorization: Bearer <access_token> instead of your old private API key.

  3. Test your calls to make sure your events and profile updates still work correctly.

  4. Keep an eye on Klaviyo’s official updates — they’re expected to share specific instructions soon for Flow-based webhook usage.

You’re absolutely right to plan early — doing this now will save you stress later and keep your client flows running smoothly when the change goes live.

👉 If you’d like, I can walk you through exactly how to set up OAuth in Klaviyo and update one of your webhook flows step-by-step so you can test it safely. Would you like me to show you how?

Warm regards,
Stylo Global Expert

Terms & ConditionsAccessibility statement

Links & Resources

Platforms

Partners

Useful Things

About

  • Terms and Privacy |
    © 2024 Klaviyo All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.