API Key

Legacy Alert! 6-12-24. We are sunsetting legacy API keys. Legacy API keys will be disabled and cease to work on Oct 31, 2024. The ability to generate new API keys will not be allowed after July 10, 2024. 

If you are an integrator, you will need to update to OAuth2. Choosing any other path will likely result in performance issues and could result in an unexpected and untimely disconnection of access and functionality. Here is the link to Getting Started with OAuth2.

Personal Access Tokens - Any user of the app can create a Personal Access Token, and it operates under the user context and permissions of the user creating it. Intended for casual/entry level developer users.

Service Access Tokens - Only admins can reate a Service Account Key as it will grant admin access to all of the API. Intended for first-party integrations. Third-party integrations should us the OAuth2 Access Code flow. PAT/SAK quotas are not adjustable.

Click here for more details.

1. Click your profile icon and select Settings in the menu.
   
   
2. Select API settings from the list
   
   
   In Max Classic
   
3. Personal Access Tokens - Any user of the app can create a personal access token, but it operates under the user context of the user creating it, with that user's visibility and editing permissions. Intended for casual/entry level developers, developers who want to play around with the API, or developers who want a simple authentication experience scoped to a single user and are less concerned about security.
4. Service Account Keys - Only admins can create a service account key as it will grant admin access to all of your stored data.  Intended to help you integrate your other business systems with our API.
   1. Click the plus icon on the key would like to create
      
      
      
   2. Enter a name that will distinguish this key from others and click Authorize
      
      
      

   3. Copy the key and save it to a safe place as you will no longer be able to access it again!

      
      

   4. In the future if you are no longer actively using a key we recommend that you remove it by clicking the icon on the same row to prevent unauthorized usage. You will be prompted to confirm, and if you do so the key will be removed. It may take several minutes for this deletion to propagate through our gateway.
      
      
   5. Now you can then use this key to make any normal API call necessary against the full Keap API
      
      

5. URI:  https://api.infusionsoft.com Headers:  "X-Keap-API-Key": "ProvideYourKeyHere"

   1. Be sure to treat your API Key as a protected secret, never committing it to source code repositories or deploying it alongside your application code. It is effectively a “password” for your own personal authorization to access data on your behalf.
   2. Quotas and Throttles:
      1. 10 Queries per Second
      2. 240 Queries per Minute
      3. 30,000 Queries per Day

Personal Access Tokens and Service Account Keys quotas and throttles cannot be altered.