Skip to main content
Solved

401 unauthorised on new API calls (using private key)

C
Contributor I
Forum|alt.badge.img

I have reviewed other posts regarding 401 errors, but none of them seem to match my issue, and all are from a year or more ago too.

I am using the C# example:

 

I am substituting in a private API key with Full Access permissions, in order to call https://a.klaviyo.com/api/events/

Eg 

 

However I still get a 401 response. 

I’m wondering if, for example, the API restricts access to just the domain of the account. I ask because when testing locally both my testing account key and the live key for our client both return authentication errors.

The calls are being made (I believe) as per the documented examples from https://developers.klaviyo.com/en/reference/create_event

 

They seem to be succeeding from a payload and URL/endpoint perspective etc, but then get an unauthorised response which seems to indicate they are good calls but not allowed.

 

As the processing and handling “seems” to be fine (without being a naïve developer) I wanted to check if there was additional security protocols that could be impeding the successful call completion. If necessary I can arrange to test in production in order to be within the domain etc, but this is obviously a last resort.

Best answer by CameronT

No real solution to offer others here sorry, but the result for me was due to the key/token being included in the serialised object being sent as well, this seemed ot cause a parse error that returned as unauthorised. Once I mitigated this, I was then able to get responses and fix a few issues in payloads. All seems to be working now though.

View original
Did this topic or the replies in the thread help you find an answer to your question?

3 replies

M
Partner
Forum|alt.badge.img+31
  • Maxbuzz
  • Partner
  • 252 replies
  • June 25, 2024

 

Hello @CameronT  If you have assigned full access tot he private key and still getting the 401 unauthorized error then my assumption is that there is some issue with how the dynamic value of API key is passed.

Can you try doing this?
string apiKey =Settings.ConfigString(“PrivateKlaviyoKey”);
request.AddHeader("Authorization", $"Klaviyo-API-Key {apiKey}");

 

If this still does not work then I would try to test this in Postman to see if its works there.

https://theforms.pro
Kim Strauch
1 person likes this
  • Kim Strauch
    Kim Strauch
C
Contributor I
Forum|alt.badge.img
  • CameronT
  • Author
  • Contributor I
  • 2 replies
  • June 25, 2024

@Maxbuzz thanks for that. I have run the event with the PK hardcoded into the auth header, so I don’t think it’s being corrupted in-flight. I will run it up through postman shortly to see if that responds any differently.

 

Thanks.

C
Contributor I
Forum|alt.badge.img
  • CameronT
  • Author
  • Contributor I
  • 2 replies
  • Answer
  • June 26, 2024

No real solution to offer others here sorry, but the result for me was due to the key/token being included in the serialised object being sent as well, this seemed ot cause a parse error that returned as unauthorised. Once I mitigated this, I was then able to get responses and fix a few issues in payloads. All seems to be working now though.

Reply


Terms & Conditions

Links & Resources

Platforms

Partners

Useful Things

About

  • Terms and Privacy |
    © 2024 Klaviyo All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.