Authentication question — Service Account Keys (SAK)
We’re planning to migrate from OAuth to SAK-based authentication to simplify our integration (no token refresh needed, no scheduled token helper process). Before we commit to this:
• Are SAKs considered the long-term recommended auth method for server-to-server integrations?
• Is there any plan to deprecate SAKs in favor of OAuth-only?
• Do SAKs have any rate limit or feature differences compared to OAuth tokens?
Any guidance on the v2 roadmap for these gaps or the SAK question would be really helpful. Happy to provide more detail on any of these items.
We don’t have any plans to discontinue Personal Access Tokens (PATs) or Service Account Keys (SAKs).
PATs/SAKs are designed for lighter usage. Currently, OAuth allows up to 150,000 calls per day and 1,500 calls per minute by default, while PATs/SAKs are limited to 10 queries per second, 240 queries per minute, and 30,000 queries per day. They are not intended for complex or high-volume integrations. For third-party integrations serving multiple Keap apps, OAuth is still the recommended approach.
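A client-side throttle for the PAT/SAK limits quoted in the reply above, as an added example that is not part of the thread and not Keap's own code. The class and function names are hypothetical, and the limits are assumed to be sliding windows, which the thread does not specify.

```python
import time
from collections import deque

# (window seconds, max calls) pairs quoted in the reply above.
SAK_LIMITS = ((1, 10), (60, 240), (86_400, 30_000))   # PATs/SAKs
OAUTH_LIMITS = ((60, 1_500), (86_400, 150_000))       # OAuth defaults


class MultiWindowLimiter:
    """Client-side throttle enforcing every (window, cap) pair at once.

    Assumption: the server counts calls in sliding windows; the thread
    does not say whether windows are sliding or fixed.
    """

    def __init__(self, limits=SAK_LIMITS):
        # One deque of accepted-call timestamps per window, oldest first.
        self.windows = [(window, cap, deque()) for window, cap in limits]

    def wait_needed(self, now):
        """Seconds until a call made at `now` fits all windows (0 = send)."""
        wait = 0.0
        for window, cap, sent in self.windows:
            while sent and sent[0] <= now - window:   # drop expired calls
                sent.popleft()
            if len(sent) >= cap:                      # window is full
                wait = max(wait, sent[0] + window - now)
        return wait

    def record(self, now):
        """Count one accepted call against every window."""
        for _, _, sent in self.windows:
            sent.append(now)

    def acquire(self, clock=time.monotonic, sleep=time.sleep):
        """Block until a call is allowed, then count it."""
        while (wait := self.wait_needed(clock())) > 0:
            sleep(wait)
        self.record(clock())


def time_to_send(n_calls, limits=SAK_LIMITS):
    """Virtual-clock seconds before the n-th back-to-back call may go out."""
    limiter, now = MultiWindowLimiter(limits), 0.0
    for _ in range(n_calls):
        now += limiter.wait_needed(now)
        limiter.record(now)
    return now
```

On the virtual clock, back-to-back calls hit the per-minute cap after 23 seconds and the daily cap after 7,463 seconds, so the 10-per-second figure only describes short bursts. Call `acquire()` before each request in a real client to stay under all three caps.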