Legacy Key Sunsetting

@Pav Thank you! I was able to chat with Keap and get screenshots of the API Calls User Agent. I see Customerhub in there. But I’m not sure what the others are…


I have only a few plugins installed on this site and Pocket Developer isn’t one of them.

I’m in cPanel and I don’t see any instances of “isdk.php” and “conn.cfg.php” Is there a specific folder they might be in?

@Becca_Olave / @Cheryl_Ragin / @Tim_Han, I have written a Guide to help identify the integrations via the link below.

@Becca_Olave, you have several integrations using the Legacy API Key. You should be able to fix CustomerHub by authorizing your connection. Have you heard of iSmartCommerce? Do you know if had any custom development done in the past, because you have an integration done in the Ruby language, which is not commonly used.

@Cheryl_Ragin, I have sent you a private message.

@Pav Thank you so much! That guide is so helpful! I haven’t heard of iSmartCommerce but I’m going to check with our team.

As a small business owner that is truly using Keap/IS more or less out of the box outside of CustomerHub, I have no clue what all these acronyms stand for nor do I feel super comfortable going into the code to change stuff. Is that your solution? I have followed your prompts and verified CH is connected. I now have a SAK but have no clue what to do with it. So now I wait to see if your “brown outs” disable my business? Seems short-sighted.

i noticed i was testing iSDK.php with PAT and SAK few days back and when i asked the logs from support these were included in logs file?

my question is is log including only legacy API call logs or using iSDK.php? im confused

@Customer_Support2, did you recently get an email from Keap saying that your account has used so many API Calls within a specified period? If not, then you are safe. If you have, can you share the details on the number of calls that were done. CustomerHub will require authorization to your Keap Account. No need for the Service Account Key here.

@pagedesigner, Keap Support should be supplying API Calls that have been made from the Legacy API Key, if you have asked for that? The Legacy API Key usage can come from a variety of places, depending what integrations have been done, so it is not just the Legacy iSDK. If you are testing things on a particular account, that just has the Legacy iSDK in use, then that would be the only integration still using it. If you have swapped it to PAT / SAK, then you would get a report of zero API Calls being reported.

I have not received an email about API calls. I did the reauthorization for CustomerHub yesterday. Thank you for the response.

Hey Marion - I just wanted to say THANK YOU for this. My head was spinning trying to figure out how to refactor old code to use the SAK and this was fantastic and is working great. Thanks as well to all the contributors in this threat, very helpful.

1 Like

@Andy_Michaels you’re welcome. Self preservation is a great motivator :smiley:

I previously submitted a support ticket (#03362108) regarding this inquiry nearly a week ago but have not yet received a response. So I would like to send it here as well.

We are in the process of transitioning our users from Legacy Keys to SAK/PAT authentication. However, the lower API limits associated with SAK/PAT are causing our users to frequently hit these limits, resulting in numerous support requests. We were advised that migrating to OAuth would address this problem. While we plan to gradually move our users to OAuth, we are concerned that the current limits of 150,000 queries per day and 1500 queries per minute are too low when shared across all of our Keap accounts.
Therefore, I have a few questions:

  • What is the process for requesting a limit increase in this situation?
  • How long does it typically take for a limit increase request to be processed? We are worried that delays in support may disrupt our users’ experience.

Good afternoon Mark!

Our Advanced Support team ( to whom tickets are routed when submitted via developer.keap.com ) handles validation of adherence to our policies and good usage patterns, then manages the tier of quota assigned. They usually look at the last 30 days of usage to determine if an increase of quota is justified, and if it is “wide” across a large number of tenants instead of “tall” and only hitting a few excessively, which can unduly strain our platform if expanded. Since I’m not familiar with your use case ( and Legacy Key traffic is semi-anonymized ) I’m unable to make any sort of preliminary determination from my end.

I’m not sure what their queue looks like as it’s not my department, but if you DM me the ticket number once you have it submitted I can check on the review process.

Thanks!

  • Tom Scott
    Keap API Engineer
1 Like

Good afternoon Tom,

Thank you very much for the detailed explanation and for offering to check on the ticket for us. We really appreciate your willingness to go the extra mile to help us resolve this issue.

@bradb, a few questions regarding the sunset.

Firstly, I have not received any recent API Usage reports for my Sandbox account, are they still being sent for them?

Secondly, are you increasing the Email Reminders for October? There is only 5 more weeks to go, and the monthly email will not be sufficient towards the end date.

Thirdly, on October 1st there is a 24 hour Brown Out, and then nothing in between until the end of the month. Would it not be better to add in a 2 Day Brownout during the middle of October? I know that will cause disruption, but it would be a good indication for your customers. It will give them a couple of weeks to resolve the issues if they can.

Also, how are you going to be dealing with customers come November 1st onwards? There is going to be some customers trapped in a situation where they are unable to make changes due to particular vendors not updating their software, or they have custom developed integrations that need updating. Not everything has a workaround, and not everything is going to be straight forward in making the changes either.

Yes, we are still sending them around the beginning of each month.

There are no plans to increase the frequency.

The break in brownouts are intentional, and there are not more planned brownouts after the 1st. Our internal plan has been to monitor usage and progress of migration. If we see progress stop we will likely add more brownouts, but the plan is a more hands on approach with our support teams reaching out to customers on a 1:1 basis. This phase has already started and will continue throughout October.

That is why we tried to give customers/vendors 5 months to get those changes done.

@bradb,

Here are some questions that would help gauge things.

How many of your customers are still using the Legacy API Key?
What is your estimation that figure will be by the end of the month?

The reason asking is that come November, are we going to see a flood of questions in the forums. Keap Support are going to redirect them to here or the Hub. Are we looking at dozens or hundreds of people enquiring?

My concern is that some customers are going to have some sort of unique or complicated setup that makes it difficult for them to easily make the changes. Here are some examples that will occur.

(1). Customer is using a particular piece of software that utilises WordPress, but is stuck on a particular version of PHP or WordPress. Their Keap / Infusionsoft based Plugins require to be updated to be able to use Service Account Keys. Unfortunately the customer is unable to upgrade things because of the software requirements.

(2). Customer is using a particular piece of software that uses the Legacy API Key but is based on a Compiled Language. If the Vendor or Source Code is no longer available, then it would be very difficult to patch the software. A new version may require to be built. Some software may take several days, weeks, or months to build, depending on the complexity of things.

I know there is some integrations developed on less popular programming languages. In some situations there is not going to be any alternative version of the software to use. You may have to provide some of lifeline to them.

Quote your reply.

That is why we tried to give customers/vendors 5 months to get those changes done.

Unfortunately, there has been a number of failings with your communications.

(1). I have come across older clients that have not been informed about the changes, without me telling them. It was found that the Email Address that was used to sign up their Infusionsoft Account is no longer functional or actively being monitored. That is telling me that a minority of your customers are completely unaware of what has been happening. The solution to this would be to Email all Administrators of the Account, so that they can inform the necessary people. I have noticed the warning notice appearing in the interface lately.

(2). Out of the hundreds of Vendors and Developers that have made integrations using the Legacy API Key over the years, how many keep a constant check of the latest changes of the API? It is not everyone, and there are still integrations that appear without the vendor knowing about the sunsetting of the Legacy API Key.

(3). If you are terminating something, you should be increasing the reminders to a weekly / daily basis this month. This is to give your customers plenty of reminders to move on. A 1 to 1 basis will help, but Support need to be doing this right now, not one week before the deadline.

(4). As mentioned before, other platforms give at least a 1 year notice if their is a major change to their API functionality. Something should have been mentioned at the beginning of the year instead of the short timescale like this.

I do not agree with the 1 month break in the brownouts, although I do not agree with the brownout policy either as I have not seen that done before in other platforms. But if you are heading towards termination, then you would increase the brownouts to indicate something needs to be done. It feels like a 1 month break is too much of a relaxation of things, before the door is shut completely.

Anyway, if there is just a small number of customers that need help from November, then that would be good sign that the vast majority have made the necessary changes.

@bradb, what happened with the 24 Hour Brownout on Tuesday?

I know it was operational, but just over halfway through the Legacy API Key was able to be used again.

No announcements were made about it.

I’m told that while we had the configuration in place an unexpected redundancy in CloudFlare caused a restart to default conditions which removed the brownout policy prematurely.

@Tom_Scott,

I noticed yesterday you posted information on another 2 brownouts that are being done for this month.

Any chance of sharing how many customers that are still using the Legacy API Key?

By adding additional brownouts this indicates that your customers are either leaving things late, struggling to make the transition, problems finding alternative software, waiting for the vendor to provide an update, or other things. Some may have complex setups that will require a lot of work to make the changes.

I know Keap have been reaching out to customers regarding their integrations. But what are the main problems your customers are reporting?

You may have to suspend the end of the month termination date if there is little movement over the next 3 weeks.

For a variety of reasons we do not provide metrics on our users publicly, no.

The most common request that has been raised (and I’ve been busy pulling logging data for) is just customers having no idea what they have put their Legacy Key into or service providers they have given it to over the years, which is exactly one of the problems we are taking steps to address through this process.