Recently you may have received an email from Keap, notifying you that they are “sunsetting the legacy API key”.

It’s true – and I know this is a somewhat technical conversation, so in this post we’ll explain what that means (here’s their overview), what you need to know, and what actions to take next (if any).

So, let’s start with the email that Keap sent out recently – it would have looked something like this:

There are a few important things to note in this email. First, there’s the deadline of October 31st.

Keap is giving users several months of notice about this planned change. But, don’t let that runway fool you – you don’t want to put this off until the last minute.

The second thing to note is that the email specifically calls out the number of API calls your Keap application has using the Legacy API key.

What is the API?

So, to be abundantly clear – API stands for Application Programming Interface. The API is effectively a method that Keap supports whereby other tools and applications can communicate with Keap, and vice versa.

If you have another piece of software that your business uses, and you want to be able to use it to pass information to Keap or receive information from Keap, then the API is generally how this would be achieved.

The API itself is not going away – at all. It is critical for Keap – in fact, it’s part of what makes Keap so powerful.

But there are several ways to use the API, and one specific access type (the Legacy API Key) is what is being removed.

Why is this changing?

Simply put, for security.

The Legacy API Key doesn’t have as much nuance as the newer connection methodologies, and therefore it was generally less secure.

What are the different API connection types?

There are a few – third-party authorized apps (OAUTH), personal access tokens, service account keys, and the legacy API key.

This video will help explain those different methods, how they differ, and why it matters:

Okay, so I think that gives a pretty solid high level overview – but if you’d like more detail, check out this 20-minute video from John Borelli, friend of Monkeypod and a Keap Certified Developer, where he digs into some more nuance regarding the different connection methods.

What do I need to do?

The Legacy API Key is going away.

If you aren’t using it – then this likely won’t affect you at all, and there’s no action required.

But if you have connections depending on this method, then it’s time to start looking into how those can be updated to use one of the other connection methods.

If you’re working with the integration offered by another tool you use but didn’t create, then you may need to contact them to make sure they’re aware of this change, and are taking measure to update how their plug-in communicates with Keap.

Now, if you have a custom built process that depends on the legacy API connection, then it may be a matter of connecting with a developer to evolve things so it doesn’t break in October when Keap stops supporting the Legacy API connection.

And, if you aren’t sure what tools you have that might be using this, then that’s where things get a little murky.

If you have some volume of legacy API calls, there isn’t currently an easy way to see which tools are using it. Everyone I’ve talked to indicates that it can take a little detective work to track down the different integrations.

If that’s something you’d like help with, my recommendation is to reach out to a Keap certified partner who can help spend time with you to make sure you’re not going to have any major disruptions later this year.

Special shout out to Mark Penney, from Meppy, for generously sharing his expertise in the video above.