Basic API Usage

Hello, I am new to the Keap API, but I am experienced with PHP code… I am trying the following and receiving errors… any pointers? Let me know. Thanks!


ini_set('display_errors', 1);

// Replace these values with your Keap API key and app name
$apiKey = 'ddddddddddddddddddddddddddddddddddddddddddd';
$appName = '#####'; // Your Keap app name, e.g., 'yourapp'

// Keap REST API base URL
$baseUrl = "https://{$appName}";

// Endpoint to get contacts with a limit of 5
$endpoint = 'contacts?limit=5';

// Set up stream context with headers
$context = stream_context_create([
    'http' => [
        'header' => "Authorization: Bearer {$apiKey}\r\n" .
                    "Accept: application/json\r\n"
    ]
]);

try {
    // Make a GET request to the Keap API
    $response = file_get_contents($baseUrl . $endpoint, false, $context);

    if ($response === false) {
        // Check for file_get_contents errors
        throw new \Exception("Failed to retrieve content from API");
    }

    // Decode and output the JSON response
    $data = json_decode($response, true);

    if ($data) {
        print_r($data);
    } else {
        echo 'Error decoding JSON response';
    }
} catch (\Exception $e) {
    echo 'Error: ' . $e->getMessage();
}

Good afternoon!

I think you might be confused as to our authentication and gateways. We have two current forms of authentication: OAuth2 Access Token/Refresh Token Grants, and API Keys.

API Keys are simpler and divided into PATs (Personal Access Tokens) and SAKs (Service Account Keys), but have low throttle limits because they are intended for limited personal and back-end office usage, due to their non-rotating nature. You use them by passing a specific header, not a default Authorization.

OAuth2 have much higher limits and are intended for those designing software for third parties, using a standard three-legged authorization specification. You use your Client Id to forward an end user to an authorization URL, then if they agree they are forwarded back to your endpoint with an Access Code that allows you to generate a limited-lifetime rotating Refresh Token and Access Token. You use them by passing the Access Token as a Bearer Authentication.

Regardless, both use a Base URL for the API of, not a tenant instance Id. I’m sure you probably found that elsewhere online, but it was only applicable to Legacy Keys, which are going to be phased out.

I hope this helps!

  • Tom Scott
    Keap API Engineer

Could you please provide me with a simple PHP script for either PATs (Personal Access Tokens) or SAKs (Service Account Keys), from start to finish, to show me something as simple as querying some contacts or orders from Keap? I have been reviewing as much documentation as I can find, but I am having a hard time getting started with just the basics :/.

Unfortunately I’m not a PHP developer; in-house we use primarily Java and Javascript as our development languages.

@Josh_Walusz I'm using PHP too, and the SAK method for connecting. Not sure how much PHP you know, but I use Guzzle to make HTTPS calls. First you need to set up a client:

$keapClient = new GuzzleHttp\Client([
    'base_uri' => '',
    'headers' => [
        'X-Keap-API-Key' => env('KEAP_API_KEY'), // this will be the key
        'Content-Type' => 'application/json',
    ],
]);

Once you do that you can then make calls to the API like so:

$response = $keapClient->request(
    'GET',  // change this out with whatever method you need to use
    '/crm/rest/v1/contacts' // change this out with whatever endpoint you need to hit
);

You can learn more about Guzzle here: Guzzle, PHP HTTP client — Guzzle Documentation. If you don't wanna use Guzzle, you can always use CURL.
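
Added example, not code from any poster in this thread or from Keap: a start-to-finish PHP script covering the two header styles described above, using the `X-Keap-API-Key` header and the `/crm/rest/v1/contacts` path from the posts. The function names and the `KEAP_API_BASE_URL` environment variable are assumptions made here; set that variable to the API base URL given in Keap's documentation.

```php
<?php
declare(strict_types=1);

// PAT/SAK keys travel in a dedicated header; OAuth2 access tokens use Bearer.
function keapAuthHeader(string $mode, string $credential): string
{
    return match ($mode) { // PHP 8+; an unknown mode throws UnhandledMatchError
        'api_key' => 'X-Keap-API-Key: ' . $credential,
        'oauth2'  => 'Authorization: Bearer ' . $credential,
    };
}

// Hypothetical helper: GET a path and return the decoded JSON body.
function keapGet(string $baseUrl, string $path, array $query, string $authHeader): array
{
    $url = rtrim($baseUrl, '/') . '/' . ltrim($path, '/') . '?' . http_build_query($query);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => [$authHeader, 'Accept: application/json'],
        CURLOPT_SSL_VERIFYPEER => true, // keep certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Transport error: ' . curl_error($ch));
    }
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($status < 200 || $status >= 300) {
        // Report the status only; never echo the credential or request headers.
        throw new RuntimeException("Keap API returned HTTP {$status}");
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

// The key comes from the environment rather than the source file.
// KEAP_API_BASE_URL is an assumed variable name, not one from the thread.
$key = getenv('KEAP_API_KEY');
$baseUrl = getenv('KEAP_API_BASE_URL');
if (!$key || !$baseUrl) {
    fwrite(STDERR, "Set KEAP_API_KEY and KEAP_API_BASE_URL first\n");
    exit(1);
}
try {
    print_r(keapGet($baseUrl, '/crm/rest/v1/contacts', ['limit' => 5], keapAuthHeader('api_key', $key)));
} catch (Throwable $e) {
    fwrite(STDERR, 'Error: ' . $e->getMessage() . "\n");
    exit(1);
}
```

Run it from the command line with both environment variables set; switching the first argument of `keapAuthHeader` to `'oauth2'` sends an OAuth2 access token as a Bearer header instead.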