Legacy Key Sunsetting

@Pav, looking at your solution, that makes sense. When I was looking at the, I realized if I used that option, I would wipe out the previously set headers… and never once did I think, to just pass them through :expressionless: vs modifying the Client class.

If I don’t have any “Third-Party Authorized Applications” on the Admin > Settings > API Settings page, do I have to worry about this? Cheers!

The applications listed on that page are OAuth-authenticated, not Legacy Key. This sunsetting is only of concern to those who are currently using their Legacy Key.

We will be running several sets of short blackouts to help users identify systems that require updating, and will continue to notify users that we see with active usage of Legacy Keys during this process. If you get a direct email from us regarding this sunsetting, that’s because we have logged traffic using that key for your application.

I have received this:

You’re receiving this email because you have used Legacy Keys within the past 30 days (May 26 - June 25, 2024) with current traffic of:

  • 3162 for m168

But this doesn’t give me any information about what parts of the system are using the API that needs to be updated.

How do I find this information?

@Alan_Hewitt, welcome to the community.

@bradb, I also received the same email as Alan, which means you are now helping your customers identify the Legacy Key usage. Can we have this email sent out on a weekend basis, as that will give us an idea if the Legacy Usage drops over time.

As mentioned before, we still need to see the a Log of the API Requests. It would be great if you can include some of the latest Legacy Key API calls in the email. Would be better to be able to download the log as well.

I just spent time with Customer Service on the phone trying to figure out WHAT we are using legacy keys for. We’ve been customers since 2006. I was asked if I could remember what we may have done (this is a joke, right?). I, too, was left with the conclusion that all we can do is wait for something to break.

Now I have to tell the account owner, the one who has been paying for Infusionsoft/Keap for 18 years, who will NOT be pleased with this strategy.

1 Like

Our support team has some limited reporting available that they can provide once you are authenticated; it doesn’t really tell what is calling, only the functions that are being performed. Unfortunately we are limited in our ability to automatically send out this reporting data as part of the email notifications at the moment, so it will require a support call to retrieve.

Here is an anonymized example of what you could expect to receive:

Provided, that the code is on the client’s server and not a 3rd party, you can do a search for the legacy API key. Can give you an idea of where some of the code is, that can be updated before the blackouts start.

Hi Tom,

We believe we have now made all the needed changes. Please confirm for m168.



How can we verify our LMS system made the switch from legacy API keys to OAuth tokens?

Good morning Katrina!

If you submit a ticket to our Advanced Support team they can run reporting on the most recent days API traffic and see if your application instance is currently handling Legacy API Keys. Make sure to specify a period at least 24 hours after you completed your transition to ensure that there are no transactions captured on delay.


You must know the app before you can lodge a support ticket!

How can you know which app is the culprit?

How can you know which apps you’re using?

The communication from Keap on this issue is not good enough! I don’t want to shoot the messenger but this situation is appalling.

The email states: “Need help with this transition? We have you covered.”

How have you got me covered? How can I fix an integration that I don’t even know exists?

And no, I don’t want to attend a 30 minute information session on API Updates at 7.30 am in the morning!

Please, I’m begging you, throw us a bone here!

Please publish a list of vendors who can diagnose and fix this problem. Thank you!

Hi all,

There are integrations out there that are currently using the Novak SDK (PHP). Unfortunately, the SDK has not been updated for the past 2 years. No guarantees if the original developers will update it any time soon.

Novak SDK - GitHub - novaksolutions/infusionsoft-php-sdk: An OO Infusionsoft PHP SDK

If your integration is using this particular SDK, another developer has made a fork of it, and has been making the necessary changes to it. You will have to contact the developer if there is any issues arise from it.