Legacy Key Deprecation

Keap has supported several forms of authentication for our APIs since we began offering our platform to developers. Currently, those include:

  • Legacy API Key (XMLRPC)
  • OAuth2 Access Code Flow and Refresh Token Flow (REST/XMLRPC)
  • Personal Access Token and Service Account Key (REST/XMLRPC)

As we have continued to work at providing a more performant experience however, we have found that we must unfortunately deprecate the first of our authentication methods, the Legacy API Key.

We understand that this will require some effort on the part of integrators, who may have long-running code in place. To assist with migrations to one of our current authentication methods we have been working to smooth the transition as much as possible.

To that effect, we are currently allowing you to continue using your Legacy Key on the XMLRPC API if you take two steps:

  • Send the Legacy Key as a Header on the request of “Authorization: Bearer YourLegacyKey”
  • Change the request URL to “https://api.infusionsoft.com/crm/xmlrpc”

We do however suggest generating a new Service Account Key to replace your existing Legacy Key as part of this process, as we do plan to deactivate all Legacy Keys at a point in the near future.

As an additional benefit of this transition you will be able to begin moving to the REST API with the same Legacy API key, to future-proof against XMLRPC API deprecation.

Please note that we will be performing periodic brownouts during this process to assist consumers in identifying integrations that use this method of authentication. You can find our planned outage schedule here.

If you have any additional questions, please feel free to review our migration documentation or join us on the Keap Developer forum.