Skip to main content

Klaviyo API Endpoints

This article lists the Klaviyo REST API endpoints the iPaaS.com Klaviyo integration calls, along with the authentication scheme, request revision, pagination behavior, and rate limits that govern those calls. It is reference material for subscribers or their MiSP who want to understand exactly how the integration communicates with Klaviyo. The integration calls these endpoints automatically; subscribers do not call them directly.

All requests are made against the Klaviyo API base URL https://a.klaviyo.com. Endpoint paths below are shown relative to that base URL.

Authentication

The integration authenticates to Klaviyo using one of two schemes, chosen by how the subscription is configured:

  • OAuth 2.0 (recommended): When the subscription is connected with the Authenticate button, Klaviyo issues an access token and refresh token. The integration sends the access token on every request as an Authorization: Bearer {access_token} header and refreshes it automatically when it expires.

  • Private API Key: When an API Key is supplied on the subscription instead, the integration sends it on every request as an Authorization: Klaviyo-API-Key {api_key} header.

The base URL the integration uses is taken from the API Url subscription setting.

Klaviyo documents both schemes in its API overview (Klaviyo, API Overview, retrieved 2026-06-26: https://developers.klaviyo.com/en/reference/api_overview).

Revision header

Klaviyo is a date-versioned API. Every request the integration makes includes a revision HTTP header whose value is an ISO 8601 release date (for example, revision: 2023-10-15). The value is taken from the API Revision subscription setting; when that setting is left blank, the integration sends 2023-10-15 by default. Subscribers can target a newer Klaviyo revision by setting API Revision to a valid Klaviyo release date.

Klaviyo documents the revision header format (Klaviyo, API Versioning and Deprecation Policy, retrieved 2026-06-26: https://developers.klaviyo.com/en/docs/api_versioning_and_deprecation_policy).

Endpoints by entity

Profiles (Customers)

In Klaviyo, an iPaaS.com Customer corresponds to a Profile. The integration uses the following Profile operations.

Operation

Method

Path

Get a Profile by ID, including subscription data

GET

/api/profiles/{id}/?additional-fields[profile]=subscriptions,predictive_analytics

Poll for recently updated Profiles

GET

/api/profiles?filter=greater-than(updated,{lastModifiedDate})&page[size]={size}&page[cursor]={cursor}

Create a Profile

POST

/api/profiles

Update a Profile

PATCH

/api/profiles/{id}

Find a Profile by email

GET

/api/profiles?filter=equals(email,"{email}")

Find a Profile by phone number

GET

/api/profiles?filter=equals(phone_number,"{phone}")

The poll operation drives inbound synchronization: Klaviyo does not send change webhooks, so the integration periodically requests Profiles whose updated timestamp is greater than the last polled time. Profile updates are sent as PATCH (partial update), so Klaviyo fields the integration does not map are preserved. The find-by-email and find-by-phone operations support duplicate detection when linking an inbound Profile to an existing iPaaS.com Customer.

Klaviyo documents the Profiles API (Klaviyo, Profiles API, retrieved 2026-06-26: https://developers.klaviyo.com/en/reference/profiles_api_overview).

Lists

Lists are how Klaviyo groups Profiles for subscription management. The integration uses the following List operations.

Operation

Method

Path

Get all Lists

GET

/api/lists

Add a Profile to a List

POST

/api/lists/{listId}/relationships/profiles

Remove a Profile from a List

DELETE

/api/lists/{listId}/relationships/profiles

Subscribe a Profile (bulk job)

POST

/api/profile-subscription-bulk-create-jobs

Unsubscribe a Profile (bulk job)

POST

/api/profile-subscription-bulk-delete-jobs

Subscribe and unsubscribe are submitted as Klaviyo bulk jobs; Klaviyo processes them asynchronously.

Klaviyo documents the Lists API (Klaviyo, Lists API, retrieved 2026-06-26: https://developers.klaviyo.com/en/reference/lists_api_overview).

Events

Klaviyo Events record customer activity. The integration writes iPaaS.com Transaction and Transaction Line data into Klaviyo as Placed Order and Ordered Product events. Events are append-only; the integration creates new events and does not update existing ones.

Operation

Method

Path

Create an Event

POST

/api/events

Find Events by Profile ID

GET

/api/events?filter=equals(profile_id,"{profileId}")

Klaviyo documents the Events API (Klaviyo, Events API, retrieved 2026-06-26: https://developers.klaviyo.com/en/reference/events_api_overview).

OAuth token endpoints

When the subscription is connected with OAuth, the integration exchanges authorization codes and refresh tokens for access tokens against Klaviyo's token endpoint.

Operation

Method

Path

Exchange an authorization code for tokens

POST

/oauth/token

Refresh an access token

POST

/oauth/token

Klaviyo documents OAuth (Klaviyo, OAuth for API, retrieved 2026-06-26: https://developers.klaviyo.com/en/docs/set_up_oauth).

Pagination

List-style Klaviyo endpoints use cursor-based pagination. The integration requests pages with the page[size] query parameter (the number of records per page) and the page[cursor] query parameter (an opaque cursor identifying where the next page begins). Klaviyo returns a top-level links object on each paginated response containing next, prev, and self cursor links; the integration follows the next cursor until no further pages remain. This is how the Profile poll retrieves all recently updated Profiles across multiple pages.

Klaviyo documents cursor pagination (Klaviyo, API Overview, retrieved 2026-06-26: https://developers.klaviyo.com/en/reference/api_overview).

Rate limits and concurrency

Klaviyo rate limits each endpoint on a per-account basis using a fixed-window algorithm with two windows: a one-second burst window and a one-minute steady window. Each endpoint is assigned one of five published rate-limit tiers (Klaviyo, Rate Limits, Status Codes, and Errors, retrieved 2026-06-26: https://developers.klaviyo.com/en/docs/rate_limits_and_error_handling):

Tier

Burst (per second)

Steady (per minute)

XS

1

15

S

3

60

M

10

150

L

75

700

XL

350

3500

The specific tier that applies to each operation is listed against that operation in Klaviyo's API reference. When a limit is exceeded, Klaviyo returns an HTTP 429 response with a Retry-After header indicating how long to wait before retrying; Klaviyo recommends retrying with exponential backoff only after the time in Retry-After has elapsed. The integration paces its own outbound requests, and any throttle or concurrency behavior a subscriber configures applies on top of Klaviyo's published limits.

Related Documents

Did this answer your question?