Introduction
On June 12th Keap made an announcement in the Community Forum that the Legacy API Key will be sunset in the coming months.
Over the years the most popular integrations have transitioned across to OAuth, in which you have to authorize the connection to your Keap Account without needing to specify the API Key. These integrations are not affected and will carry on running for years to come.
The Legacy API Key has been around since 2006, which means 1000s of scripts have been written over that time. If you have recently received an email from Keap saying “Action required:API legacy keys” then you need to investigate what integration is still using the Legacy API Key. This will either be easy or difficult process, especially if you have something running for years.
The information that is provided below is to help you identify what the integration could be, and solutions to getting them updated. Please note, this will not cover every integration that is using the Legacy API Key as it impossible to know what has been developed over the years.
Feedback
Your feedback would be appreciated. The more that is known, the easier it will become in identifying the integrations that are still using the Legacy API Key.
Terminology
An explanation of the Terms that would be used in this Guide.
| Term | Description |
|---|---|
| API | Application Programming Interface (API) is a way for software to communicate with each other. |
| Integration | Software communicating to each other via the API. |
| Legacy API Key | Original way for Integrations to connect to Keap (Infusionsoft) using the API Encrypted Key. |
Keap Articles
Below is a list of Keap Articles are related to the Legacy API Key.
| Article | Link |
|---|---|
| Announcement | https://integration.keap.com/t/legacy-key-sunsetting/92790/ |
| API Instructions | https://help.keap.com/help/sunsetting-legacy-api-keys |
| Brownouts Schedule | https://docs.google.com/document/d/1TyiF0U3TO09hz-d0R26E9wb9EIBS1wpGrCyl2WjSxCU/preview |
| Deadline Extension | https://help.keap.com/help/legacy-api-keys-deadline |
| Integrations Explanation | https://www.youtube.com/watch?v=a0LiOj_wG4k |
| Integrators Progress | https://help.keap.com/help/keap-integrators |
| Legacy Key Migration | https://developer.infusionsoft.com/legacy-key-migration/ |
| Personal Access Tokens & Service Account Keys | https://developer.infusionsoft.com/pat-and-sak/ |
| Sunset Q&A Session | https://integration.keap.com/t/sunsetting-legacy-api-keys-live-q-a-replay/93047 |
Keap Action Required Email
If you got an email from Keap with the title “Action required:API legacy keys” then you have integrations connected to your Keap Account that are currently using the Legacy API Key.
If you did not get an email, but you know you have integrations using the Legacy API Key, then you need to find out who has been receiving the Email. As businesses grow, the owner details of the account may be reassigned to different people or departments.
If you are unsure, then you need to contact Keap Support and ask for the API Calls that have been done using the Legacy API Key.
API Settings
In your Keap Account, there is a an API Settings via the User menu. In there you will see different sections which are briefly explained below, and if they are safe to use.
| Section | Description | Safe |
|---|---|---|
| Third-Party Authorized Applications | Shows a list of applications that have been authorized. Majority of applications have switched to OAuth over the years. | Yes |
| Personal Access Tokens (PAT) | These are specific tokens that the User can generate. | Yes |
| Service Access Keys (SAK) | These are specific tokens that the Administrators can generate. | Yes |
| Legacy API Key | This is the API Key that is being sunset. ** Do Not Use It Anymore. ** | No |
Getting the API Calls Information
You need to ask Keap Support to get information about the API Calls that have been made using the Legacy API Key. By default you will be provided with a basic summary which will say “Context Tenant, Class Name, Action, Requests”. The API Calls Summary section below will give an explanation of what those calls mean.
If that does not help, then you ask Keap Support for a detailed copy of the recent API Calls. This contains more detailed information with the User Agent and IP Addresses of the calling script. Information about the User Agents and IP Addresses is given below.
API Calls Summary
The table below gives a summary of what the API Calls mean. This list is not complete and will be updated over time.
| API Call | Description | Examples |
|---|---|---|
| APIEmailService.optIn | Opts In an Email Address. | Opt In Form. |
| APIEmailService.optOut | Opts Out an Email Address. | Unsubscribe Form. |
| ContactService.add | Adds a New Contact. | Form Submissions. |
| ContactService.addToGroup | Assigns a Tag to a Contact. | Form Submissions / Opt In / Various items. |
| ContactService.addWithDupCheck | Add or Update a Contact with Duplication Check. | Form submissions / Opt In / Various items. |
| ContactService.findByEmail | Searches a Contact by its Email Address. | Opt In Forms. |
| ContactService.linkContacts | Link two Contacts together. Visible in the Contact Record - Linked Contacts tab. | Personal / Business Relationship |
| ContactService.load | Gets the Contact details. | Displaying of Contact information. |
| ContactService.update | Updates a Contact. | Updating of the Name, Address, etc. |
| DataService.delete | Deleting of a Record | Deleting of a Contact, Order, etc. |
| DataService.getAppSetting | Gets the Application Setting. | Check if the Account is enabled / Business Details / Particular settings. |
| DataService.query | Searches Data in your Account. | Searching for particular Contacts, Tags, Orders, etc. |
| FunnelService.achieveGoal | Adds a Contact to a Automation (Campaign) Goal. | Adding a Contact to a Sequence / Triggering a Calculation |
| InvoiceService.addManualPayment | Adds the Payment to an Order. | Order Placement. |
| InvoiceService.addOrderItem | Adds an Order Item to an Order. | Adds a Product or Tax Item to an Order. ] |
| InvoiceService.calculateAmountOwed | Gets the Outstanding the Amount for an Invoice. | Order Placement / Invoice Information. |
| InvoiceService.chargeInvoice | Charges the Invoice for the Order. | Order Placement. |
| InvoiceService.createBlankOrder | Create a New Order. | Order Placement. |
| InvoiceService.validateCreditCard | Checks if the Credit Card is valid. | Check if Card has expired. |
| WebFormService.getMap | Get a list of the Web Forms. | Web Form listing. |
User Agents
If you have received an export of the recent the API Calls, then you need to go to the “userAgent” column.
The table below gives a summary of what the User Agents mean. This list is not complete and will be updated over time. The “XX.XX.XX” wording refers to the Version Number.
| User Agent | Description |
|---|---|
| CustomerHub-XX.XX.XX | Customer Hub. |
| DeliverabilityDefender/GuzzleHttp/XX | Deliverability Dashboard / Deliverability Defender By Email Smart - https://deliverabilitydashboard.com/defender/ |
| GuzzleHttp/XX | Keap SDK / Custom Integration. |
| Infusionsoft PHP iSDK OAuth V XX.XX.XX | Early Keap SDK ? |
| Invory Http Adapter XX.XX.XX | Keap SDK ? |
| The Incutio XML-RPC PHP Library | Incutio company version of the Library. |
| WordPress/XX.XX.XX; Divi Builder/XX.XX.XX; | Divi Builder - Infusionsoft Integration - https://www.elegantthemes.com/gallery/divi/ |
| XML-RPC::Client (Ruby XX.XX.XX) | ClickFunnels - Payment Gateway and Sales - https://www.clickfunnels.com/ / Ruby Language version of the SDK. |
| XML-RPC for iSmartCommerce XX.XX.XX | iSmartCommerce - https://ismartcommerce.freshdesk.com/support/home |
| XML-RPC for PHP XX.XX.XX | Used by Infusionsoft iSDK / Keap Legacy iSDK / Modified Legacy iSDK. |
| Zapier | Zapier - You need to migrate to the Newer Keap Zap - https://zapier.com/ |
Places to Search
Integrations can be a variety of places, it depends on what has been used, installed, or developed over time.
| Software | Search Information |
|---|---|
| Website - Public Folder | Integrations / Custom Developed Scripts could be in a variety of places, but usually they are found in the Website Public Folder, eg: “public_html” / “www”. If you come across files called “isdk.php” or “conn.cfg.php”, they would refer to the Legacy iSDK, which would be using the Legacy API Key. There is no guarantee that these files exist as some integrations could be done differently, and so you have to delve deeper trying to find things. |
| WordPress - Plugins | If you have WordPress, look at the Plugins that you have installed. Check any Plugins that are connected to Keap / Infusionsoft. In the Plugin Configuration / Settings section, check if the Legacy API Key is being used. |
IP Addresses / Hosts
If you use the an IP Address Look Up Service, eg: Whats My IP Address - https://whatismyipaddress.com/ip-lookup , you will be able to see the host of the integration. By finding the Host it may help identify that was used in the past.
The table below gives a summary of which hosts have been identified so far.
| Host | Description |
|---|---|
| Amazon | Amazon AWS - Hosting provider for Integrations / Scripts / Platforms. |
| Google Cloud - Hosting provider for Integrations / Scripts / Platforms. | |
| Hostgator | Web Hosting provider. |
Keap Integrators Progress
Keap has provided a list of Integrators that have either upgraded or not from the Legacy API Key.
Note, this list would have come from the Marketplace, but it will not cover every Integrator.
https://help.keap.com/help/keap-integrators
You will find below a list of other software that has been identified at risk. Several of these are not in Keap’s list.
Platforms / Software that support both Legacy API Key and OAuth / Service Account Keys
Beaver Builder - https://www.wpbeaverbuilder.com/
- Upgrade to v2.8.4 - 10/3/2024 release to use the Service Account Key.
ClickFunnels - https://www.clickfunnels.com/
- Provides V1 (Legacy API Key) and V2 (OAuth) Infusionsoft Integrations.
- Migrate to V2 and remove the V1 integration.
- Email - https://support.clickfunnels.com/support/solutions/articles/150000152828-integrating-with-keap-infusionsoft-email
- Payment Gateway - https://support.clickfunnels.com/support/solutions/articles/150000152988-integrating-clickfunnels-with-keap
- Web Form - https://support.clickfunnels.com/support/solutions/articles/150000152797-connect-keap-with-your-page
CustomerHub - https://www.customerhub.com/
- Convert to use an Authorized Connection (OAuth): https://www.customerhub.com/help-center-articles/connect-to-your-infusionsoft-keap-api
Deliverability Dashboard by EmailSmart - https://deliverabilitydashboard.com/
- Convert to use an Authorized Connection (OAuth).
Gravity Forms - https://www.gravityforms.com/
- Add the Infusionsoft Plugin that asks for the Client ID and Client Secret details to be provided.
- Migrate all forms to that particular plugin integration.
- Remove the Infusionsoft Plugin that asks for the API Key and Account Subdomain.
WP Fusion - https://wpfusion.com/
- Make sure you have Version 3.44.0 and above installed, requires Service Account Key.
- Change Log - https://wpfusion.com/documentation/faq/changelog/
- Previous versions will still be on the Legacy API Key, so make sure you can upgrade to the latest version.
XtendIn - Chrome Browser Extension
- Last official release on the Chrome Web Store was v0.5.3 in August 2019.
- All versions from v0.5.3 and below work with the Legacy API Key.
- A patched version v0.5.4 (October 2024) has been developed which supports the Service Account Key.
- The extension needs to be installed offline as it is not available on the Chrome Web Store anymore.
- Note, Google will stop supporting Version 2 of the Extension platform in the future, so the extension will eventually stop working.
- Just contact me if you would like to get a copy of the software.
Zapier - https://zapier.com/
- You will need to migrate from the Infusionsoft Zap to the Newer Keap Zap.
- The Keap Zap will allow you to Authorize your Connection instead.
Platforms / Software At Risk
The following software has been identified at risk.
ElegantThemes - Divi - https://www.elegantthemes.com/gallery/divi/
- Uses the Legacy API Key.
- Raise a Support Ticket with the Vendor to inform them.
Everlesson - https://everlesson.com/
- Uses the Legacy API Key.
- Raise a Support Ticket with the Vendor to inform them.
iSmartCommerce - https://ismartcommerce.freshdesk.com/support/home
- Info - https://download.cnet.com/ismartcommerce-infusionsoft-pos-solution/3000-2064_4-76577896.html
- Articles last updated in 2016.
- Unknown status.
- Raise a Support Ticket with the Vendor to inform them.
Pocket Developer - https://theapiguys.com/pocket-developer/
- Initially developed to use the Legacy API Key.
- Unknown status.
- Raise a Support Ticket with the Vendor to inform them.
Novak Solutions - https://novaksolutions.com/
- Initially developed to use the Legacy API Key.
- Cloud Backup / Data Warehouse.
- Unknown status, seems abandoned?
Unbounce - https://unbounce.com/
- Initially developed to use the Legacy API Key.
- Does not seem to support Service Account Keys.
- Raise a Support Ticket with the Vendor to inform them.
Zoom - Infusionsoft - https://marketplace.zoom.us/apps/7kICcSV2RgKggm8swACASQ
- Uses the Legacy API Key.
- Raise a Support Ticket with the Vendor to inform them.
Software Development Kits (SDKs) / Libraries at Risk
The following SDKs / Libraries have been identified at risk.
C# - Cook Computing XML-RPC
- Older .NET version.
- Alternative version: https://github.com/LordVeovis/xmlrpc
C# - EventDay Wrapper
- Last release was in 2018.
- Still uses the Legacy API Key.
PHP - Incutio XML-RPC LIbrary (iXR) - https://github.com/faizanakram99/IXR_Library
- Last release was in 2019.
- Custom developed scripts using the library may be at risk if the PHP Scripting Language is updated.
PHP - Infusionsoft iSDK (Legacy iSDK)
- Last release was in 2013.
- Alternative version supporting SAK / PAT: Legacy Key Sunsetting - #39 by Marion_Dorsett2
PHP - Novak SDK - https://github.com/novaksolutions/infusionsoft-php-sdk
- Novak SDK has not been updated for several years.
- Alternative version supporting SAK / PAT: https://github.com/prelude2a/infusionsoft-php-sdk
Thank You
Thank you to the following people who posted questions or contributed related to the Legacy API Key.
Alexandra_Systems, Becca_Olave, bradb, Bre_Aasland, Brenda_Blaze, Customer_Support2, David_Blatner, David_Peralta_Alegre, Doug_Carey, Cheryl_Ragin, Kendall_Gjevre, Khorshed_Alam, Marion_Dorsett2, Mike_Bloxam, Lucy_Perkins, Richard_Bergman, Sandra_Dalziel, Sehrish_Imran, Tim_Han, Tom_Scott, Tracy_Romm