Klaviyo Security Basics Overview Security best practices for Klaviyo: API key types, OAuth scopes, webhook HMAC-SHA256 signature verification, and secret rotation procedures. Prerequisites - Klaviyo account with API key access - Understanding of environment variables and secret management - Access to Klaviyo dashboard (Settings API Keys) Instructions Step 1: Understand Key Types | Key Type | Format | Use Case | Sensitivity | |----------|--------|----------|-------------| | Private API Key | (40+ chars) | Server-side REST API | CRITICAL -- never expose client-side | | Public API Key | 6 alphan…