I have read through Pav’s excellent “Legacy API Key - Identification Guide” but unfortunately I still don’t understand what is triggering these calls.
Last week I updated Memberium and InfusedWoo and created new SAK for them. The only other WordPress plug-in I see that seems connected to Keap is “WP Gravity Forms Infusionsoft” from CRMperks. I asked them about it and they replied: “we do not use legacy api keys”
On their site, they imply that they use a very different approach:
Could that be using Legacy API calls? It seems to be a totally different way of connecting with Keap.
I asked Keap Support for a log from the past 2 days (only 2 days because I wanted to focus on calls AFTER I changed Memberium and InfusedWoo). It’s full of XML-RPC, etc. You can see it in this CSV file.
Hi @David_Blatner, quick question, did you get an email from Keap saying “Action required:API legacy keys” with the number of API Calls for the last 30 days?
Keap Support need to ask the question what the requests are for, because they may just provide a list of the API Calls regardless of the Authentication / Connection Type.
If you did get an email saying you are using the Legacy API Key, then you need to ask Keap Support to provide a list of the recent API Calls using the Legacy API Key.
Hi @Pav, yes, did you see the CSV file that I linked to in my original post?
I did get a 30-day log from them first. However, in order to narrow it down, I asked for a 2-day log also.
My main question is: Should I worry about any of these?
I tested everything I could think of during the brown-out today, and did not see any problems. But perhaps I am missing something?
No. All Legacy Key API calls are XML/RPC, but not all XML/RPC calls use Legacy Key Authentication.
Pav is referring to an email that was very specific about your application receiving Legacy API Key calls. The CSV file is not definitive of Legacy API Key calls. If you PM me your application (tenant) id, I can look real quick.
@David_Blatner, thanks, I have now taken a look at your CSV file.
Incutio
Looking online for this reference “The Incutio XML-RPC PHP Library” I came across this GitHub Repository for it. But it has not been updated for 5+ years now.
Unfortunately, the company Incutio, which was a United Kingdom based Web Development company, no longer exists, as I found the reference below.
In other words, it seems you have something custom developed running on an older version of the PHP Scripting Language. Given that the Library was last updated 5 years ago, I am sure there will be problems if you upgrade PHP.
Looking at the API Calls, it seems to be doing the following.
Searching for Contacts.
Adding Tags to Contacts.
Removing Tags from Contacts.
Updating Contacts.
Opt In Contacts.
Searching for Credit Cards.
Validating Credit Cards.
Triggering an Automation (Campaign Builder) Goal.
XML-RPC for PHP XX.XX.XX
You have a mixture of Third Party Integrations or Custom Developed Scripts running on different versions of the XML-RPC library.
v3.0.0-beta - Released On: Dec 15, 2013
v4.2.0 - Released On: Jun 30, 2017
v4.10.1 - Released On: Feb 22, 2023
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
This refers to the Web Browser that triggered the Script. I wonder if the API Calls are being done in JavaScript or passed to the server instead. Not easy to identify here.
GuzzleHttp/XX.XX.XX
That points to the Keap PHP SDK being used here, as that uses the Guzzle Library.
Summary
It seems that you have different types of integrations or custom developed scripts in use here.
Given that older versions of the XML-RPC Library are being used, it does point to the Legacy API Key being used here.
You definitely need to investigate what integrations you have installed as some will definitely break if they are not updated with the required changes soon.
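The grouping by client library done by eye in the post above can be scripted over the exported log. This is an added example, not part of the original thread or any Keap tooling; the CSV column names (`method`, `user_agent`), the sample rows, the method names and the Guzzle version are constructed assumptions.

```python
import csv, io, re
from collections import Counter, defaultdict

# Constructed sample export. Column names and rows are assumptions;
# change ua_col / method_col to match the headers in the real CSV.
SAMPLE_CSV = """timestamp,method,user_agent
2024-01-01T10:00:00Z,DataService.query,The Incutio XML-RPC PHP Library
2024-01-01T10:00:05Z,ContactService.addToGroup,The Incutio XML-RPC PHP Library
2024-01-01T10:01:00Z,ContactService.update,XML-RPC for PHP 4.2.0
2024-01-01T10:02:00Z,FunnelService.achieveGoal,XML-RPC for PHP 4.10.1
2024-01-01T10:03:00Z,APIEmailService.optIn,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)"
2024-01-01T10:04:00Z,DataService.query,GuzzleHttp/7.0.0
"""

# Client families named in the post above, matched on the User-Agent string.
FAMILIES = [
    ("incutio", re.compile(r"Incutio XML-RPC", re.I)),
    ("phpxmlrpc", re.compile(r"XML-RPC for PHP\s+(?P<ver>[\w.\-]+)", re.I)),
    ("guzzle", re.compile(r"GuzzleHttp/(?P<ver>[\w.\-]+)", re.I)),
    ("browser", re.compile(r"^Mozilla/", re.I)),
]

def classify(user_agent):
    """Return (family, version or None) for one User-Agent string."""
    for family, pattern in FAMILIES:
        m = pattern.search(user_agent or "")
        if m:
            return family, m.groupdict().get("ver")
    return "unknown", None

def inventory(csv_text, ua_col="user_agent", method_col="method"):
    """Map each (family, version) to a Counter of the API methods it called."""
    clients = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        clients[classify(row.get(ua_col, ""))][row.get(method_col, "")] += 1
    return clients

if __name__ == "__main__":
    for (family, ver), methods in sorted(inventory(SAMPLE_CSV).items(), key=str):
        print(f"{family} {ver or ''}: {sum(methods.values())} calls")
        for method, n in methods.most_common():
            print(f"    {n:4d}  {method}")
```

Each distinct family and version in the output is one integration or script to track down. As noted earlier in the thread, the User-Agent alone does not show which authentication type a call used.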