Sunsetting Legacy API Keys Instructions

This article applies to:

If you use the latest version of our PHP SDK to integrate, we have released a new version and your existing Legacy Key will continue to be functional so long as you pass it into the PHP SDK as an api key. You will need to regenerate a new (non-Legacy) key prior to February 2025 in order to avoid a service disruption. We highly recommend you create a SAK (see below) to avoid the need to regenerate a new key in February.

If you want to, you can also generate a new SAK (Service Authentication Key). You can do so in your Keap app and use that instead, in a similar manner. This will fully embrace current authentication methods and retire the existing Legacy Key, to prevent you from having to make additional updates when we revoke all Legacy Keys in the first quarter of 2025.

If you use an alternate language to integrate or you are not on the latest version of our PHP SDK, you can continue to use your Legacy Key to make calls against the Keap API for now, but you will need to make some minor adjustments to your API calls.

  1. All calls must be routed to the main API endpoint, changing from


  1. You must send the key as a Header on the request of: “X-Keap-API-Key”: “YourLegacyKey”.  The “PrivateKey” value in the XML POST body can then be any placeholder.

If you are a third-party integrator (connecting with more than one application as a service) we require you to use our OAuth2 Bearer tokens for security and scalability. You can find complete instructions on our OAuth2 documentation page.

If you run into issues please reach out at Keap Integration Forum.

During this process there are some Key dates you need to be aware of:

  • Jul 10, 2024: - We will terminate the ability to generate Legacy Keys. If the Legacy Key field in your application is not already populated, you will not be able to generate a Legacy Key.

  • Aug 5, 2024: - We will begin a series of brownouts (intentional, planned disruptions of service). You will not be able to opt out of these. The only way to avoid them is to complete the migration. These will increase in length as we move closer to the blackout date. We will publish the schedule of times and dates in our regular communication outlets, such as the Keap CommunityIntegration, and the Keap API Community on Facebook.

  • Oct 31, 2024 - Legacy Key Sunset. Keap will no longer accept API calls using Legacy Key authentication.

If you have questions please use one of our available resources:

Please avoid contacting support. They will not be able to assist with this self-service technical issue and reaching out to them will likely cause a delay in getting the help you need.

Please note, when you change to PAT/SAKs the throttling methodology and limits will change.