API Legacy, What Is Using GuzzleHttp/7 ? Is It Zapier? or Another Software?

Hi there, I’m needing help with ensuring we are no longer using the Legacy API keys.

However the export that was provided by the team, isn’t too clear which software is using the legacy API.

please can you confirm if the GuzzleHttp/7 is Zapier?? As the Zapier team has no idea what to do either and they keep telling me to reconnect the Keap app, since they aren’t too clear on this legacy API issue.

Hi @Tim_Han, this is the problem other people are reporting, finding the software that is using the Legacy API Key.

From what I can tell, this looks to me that an older version of the Keap PHP SDK has been used for a particular integration. Or, in other words, did you have something custom developed a few years ago?

You can ask Keap Support to provide you with the raw API Call logs. If you can get the IP Address that can be traced to a particular location, which may help identify things.

Zapier will be running on its own platform and that uses OAuth, which requires the connection to be authorized. If you log into Zapier, then where you set up the Keap part it will ask you to authorize the connection. If you are unsure what to do then @Jeff_Arnold can answer as he is an expert on Zapier.

Third Party Platforms may not be aware of the sunsetting of the Legacy API. Most of them have transitioned to using OAuth over the years. But there is going to be a small number that will need to make the changes.


Hey @Pav , I had the team export the IP addresses earlier. Any idea to what this could be?

I’ve not had anything custom developed, I’ve only ever used different softwares etc.

On Zapier it’s worth noting that I’m using the Keap Max Classic (Hidden), across over 800 zaps. Not too sure if that’s the culprit?

@Tim_Han, this is what I found checking some of those IP Addresses, they are coming from Amazon and Google Datacenter’s.

Amazon

https://whatismyipaddress.com/ip/3.80.89.158
https://whatismyipaddress.com/ip/18.207.232.111
https://whatismyipaddress.com/ip/54.165.189.57

Google

https://whatismyipaddress.com/ip/34.82.214.44
https://whatismyipaddress.com/ip/34.111.147.222
https://whatismyipaddress.com/ip/35.233.163.104
https://whatismyipaddress.com/ip/35.233.215.172
https://whatismyipaddress.com/ip/35.247.96.31

Does that ring any bells?

You do have a lot of Zap’s configured, and they maybe pointing to a service that is running on the Legacy API Key.

Can you list the software that you have used over the years?

You can ignore these ones:

  • 34.111.147.222
  • 34.82.214.44
  • 34.168.138.231
  • 35.233.163.104
  • 35.233.215.172

These are Keap IPs of various proxies and NATs. We have fixed the logging to trust these IPs since you probably got this list. If they came through one of our proxies/NATs it is using OAuth/PAT/SAK authentication. So these should be fine.

For 35.247.96.31 it is possible this is one of the ephemeral IPs of Google which would be safe, but it is not one I have recored. If you ask support for an updated list, those IPs should now show the correct client IP.