About API Keys

In this article, we'll cover what an API is, how to use an API key to grant access to your Mailchimp account, and where to go for support with any additional questions that you may have about the Mailchimp API.

What is an API?

API stands for application programming interface. It can be helpful to think of the API as a way for different apps to talk to one another. For many users, the main interaction with the API will be through API keys, which allow other apps to access your account without you giving out your password.

Find or generate your API key

If you want to set up an integration with your Mailchimp account, chances are high that you'll need to generate an API key. Users with Manager permissions can generate and view their own API keys. Users with Admin permissions can also see API keys for other account users.

  1. Click this link to navigate to the API Keys section of your Mailchimp account: Your API Keys
  2. Copy an existing API key or click the Create A Key button.
  3. Name your key descriptively, so you know what application uses that key.

Disable an API key

If you're worried that an API key has been compromised, or you no longer use the integration that was accessing your account through a particular API key, you can disable that API key. To disable the API key, follow these steps.

  1. Click to open the API Keys section of your account.
  2. Find the API key you want to disable, and toggle the slider in the Status column for that API key.
  3. In the pop-up modal, click Disable.

API key security

API keys grant full access to your Mailchimp account and should be protected the same way you would protect your password. In particular, there are a few common scenarios to keep in mind when working with API keys.

  • Give each integration its own API key, and assign labels to each key so you know which key goes with which application. If a specific API key is compromised, you can disable that key without disabling access to all of your other integrations.
  • Be careful not to expose the key to the public (such as in screenshots, videos, or help documentation). Remember that blurring your data isn't always enough. It's best to use "cut" functions in your graphics program to remove the data completely.
  • Because of the potential security risks associated with exposing account API keys, Mailchimp does not support client-side implementation of our API using CORS requests or including API keys in mobile apps.
  • If a key needs to be shared, generate a new key and label it accordingly so it can be disabled, if needed. Never email the API key, because it would allow access to your Mailchimp account if hackers were to compromise your email account.
  • If you revoke a user's access to your Mailchimp account, any API keys created by the user will be removed from your account.
  • Access to each endpoint is determined by the role of the user who generated the API key. To learn more about user level permissions, visit Manage User Levels in Your Account.
  • As of 2018, developers who use Mailchimp API keys can no longer use TLS 1.0 or 1.1. This may require you to make some security updates.
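
The advice above about not exposing keys in help documentation or email can be backed by an automated check before anything is published or sent. The following is an added example, not Mailchimp code: it assumes a key looks like 32 lowercase hex characters followed by a data-center suffix such as "-us6" (a format this article does not state), and the function names and sample text are constructed for illustration.

```python
import re

# Assumed key shape: 32 lowercase hex characters, a hyphen, then a data-center
# suffix such as "us6". The article itself does not spell out the format.
# The lookarounds keep longer hex runs (for example git SHAs) from matching.
KEY_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}-us[0-9]{1,2}(?![0-9])")


def redact(key):
    """Keep only the data-center suffix so a finding can be reported safely."""
    secret, _, dc = key.partition("-")
    return "*" * len(secret) + "-" + dc


def scan_text(text):
    """Return (line_number, redacted_key) for every key-shaped string in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


def scrub(text):
    """Return text with every key-shaped string replaced by its redacted form."""
    return KEY_RE.sub(lambda m: redact(m.group(0)), text)


# Constructed sample: a draft help document with a pasted config line and an
# unrelated 40-character commit hash. The key is made up for this example.
SAMPLE = """\
Step 3: paste the key into the plugin settings.
api_key = "0123456789abcdef0123456789abcdef-us6"
Commit 0123456789abcdef0123456789abcdef01234567 fixed the typo.
"""

if __name__ == "__main__":
    for lineno, key in scan_text(SAMPLE):
        print(f"line {lineno}: possible Mailchimp API key {key}")
```

A key found this way should be treated as compromised and disabled using the steps in "Disable an API key"; scrubbing the text alone does not undo earlier exposure.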

API support

Our Mailchimp Support Team isn't trained at in-depth API troubleshooting. If you need a developer to help you configure something using the API, check out our great Experts Directory, which lists third-party Mailchimp experts who can be hired to help out.

If you're a developer who wants to build your own integration with Mailchimp, check out our API documentation.
