API Keys concern

As directed by Keap, I’m \looking at the API keys in my account and am a little puzzled about what I see.,

Under #rd Party Authorizations. I use Zapier and another for the Keap Zapier Integration. Unsure of why I have 2 authorizations, but more important I have no idea why I have one for Lab_Central_for_Dynamic_Marketing_Lab. Never used that service, to my knowledge. Almost 100% positive.

I received this email from Keap: "You are receiving this reminder because your app or apps IDs show traffic within the past 30 days using legacy API keys from July 1-31, 2024.

There were 7028 API calls for your app in July, Most of these must be from Zapier.

I have been trying to track down what Lab Central is. I don’t want to delete something that is in use appropriately. But I do not recognize it at all. And with an authorization date of August 12, it looks like it is active. Doing what?

Any advice?

Welcome @Tracy_Romm, taking a look online, I found these references to Lab Central / Dynamic Marketing.

http://wdem.wedeliver.email/

What is interesting is the last one is being hosted on the WeDeliver.Email platform (https://wedeliver.email/). Have you used any of these services before?

Zapier is using OAuth for Keap API Connection, in which you have to authorize the Connection. That has been around for years, and no longer uses the Legacy API Key.

Note, any software being listed in the Third Party Authorizations are safe from the sunsetting of the Legacy API Key.

As you have 7000+ API Calls, that means on a daily average of 233+ API Calls being used. Do you have Opt In / Subscriber Forms listed on your website?

Do you have any WordPress Plugins that are connected to Keap / Infusionsoft?

I have written a guide to help track down things which you can access below.

This helps clear up the mystery. It looks like that website is owned by the guy who did Deliverability Dashboard whch was tied to Keap. I can just delete that one.

Yes, WP Fusion. And we do have opt-in/subscribe forms on the website.

So all said, there’s nothing I NEED to do for this transition. Correct? And I will delete the WeDeliver one cause I don’t use their services.

Thank you.

You do need to determine what is making the API calls that are using the Legacy API Key authentication. We have a scheduled brownout happening in about 40 min and it would be a great time to test you systems to see if anything is not functioning properly.

@Tracy_Romm, it is WP Fusion that is using the Legacy API Key.

You need to raise a Support Ticket with them and mention that the Keap is sunsetting the Legacy API Key. They will have to make an update to switch to either OAuth or Service Access Key.

I got it. WP Fusion sent a message today - they finally caught up. I have now set up and installed a Service Account Key for them. Thank you for looking out for us! WP Fusion is a key component for us.

Tracy

1 Like

@Tracy_Romm, thank you for telling us, I have updated the guide to indicate that particular version.

Sorry to have to re-open this, but a new, related question has come up. I tried Support but that was pretty useless.

I just began receiving messages on a subdomain of our main website telling me about the need for a new service key for it. Of course I noted this as a blockhead moment for me 'cause when we were in touch previously, I didn’t even mention the subdomain.

Ok, so I generated and posted a new service authorization key for WP Fusion at avivaromm.com. All good. We also have a subdomain at members.avivaromm.com that relies heavily on WP Fusion. Since both of these sites are connected to Keap, I assume the message I am getting in the Dashboard at members is accurate - I need to post a new service authorization key there. My question is - do I use the same service authorization key that I created in our Keap account, or do I need to generate a new one specifically for this website? I have a good guess in mind, but I want to make sure I KNOW and am not guessing, Thank you in advance

I would create a separate SAK for each use, and make sure to name them in such a way as to be able to easily identify which is which. If you have a need to cycle keys in the future for security purposes you will be able to easily rotate a single one without having to reset every usage.

Thank you, Tom. I have done so.