Help / Integrations / Klaviyo App & Testing

Klaviyo App & Testing Instructions

Detailed instructions for the Klaviyo review team to test Commerce365's OAuth installation flow and the end-to-end flow of data in and out of Klaviyo.

App overview

Commerce365 is an AI agent platform for Shopify merchants that unifies Shopify, Klaviyo, Meta Ads and Google Ads. Merchants connect Klaviyo via OAuth to analyze campaign and flow performance through an AI chat, see email- and SMS-attributed revenue on the dashboard, and run AI agents that act on Klaviyo data behind an approval gate. App base URL: https://commerce365.flatlineagency.com — Support: support@flatlineagency.com

OAuth flow

Commerce365 uses the Klaviyo OAuth 2.0 Authorization Code flow with PKCE (S256). Authorization endpoint: https://www.klaviyo.com/oauth/authorize — Token endpoint: https://a.klaviyo.com/oauth/token — Redirect / callback URI: https://commerce365.flatlineagency.com/api/oauth/klaviyo/callback — Install entry point: https://commerce365.flatlineagency.com/api/oauth/klaviyo/redirect. Access and refresh tokens are stored encrypted and scoped per merchant organization. Multiple Klaviyo accounts can be connected to one organization.

Requested scopes

accounts:read · campaigns:read/write · flows:read/write · lists:read/write · segments:read/write · profiles:read/write · metrics:read · events:read/write · templates:read/write · tags:read/write · catalogs:read/write · coupons:read/write · images:read/write · subscriptions:read/write

Customer workflow

1. Start the install — from the Klaviyo directory click Install, or in Commerce365 open Integrations and click Connect on the Klaviyo card. The install URL redirects straight into Klaviyo's OAuth screen, and works whether or not the user is already logged in to Commerce365 (logged-out users are routed through login, then continue automatically). 2. Authorize — review the requested permissions and click Allow. Klaviyo redirects back to the callback URL, which exchanges the code for tokens (PKCE) and fetches account details via GET /api/accounts/. 3. Select the account — if the organization manages more than one Klaviyo account, choose which account to bind. 4. Use the integration — ask the AI chat about campaign and flow performance, view email-attributed revenue on the dashboard, and enable approval-gated AI agents.

Deny permission & uninstall

Deny: if the user cancels on Klaviyo's authorization screen, Commerce365 shows a clear message that the required permissions were not granted and offers to restart the flow. Disconnect from Commerce365: the Integrations page has a Disconnect action (/api/oauth/klaviyo/disconnect) that revokes the stored token. Uninstall from Klaviyo: Commerce365 receives the Klaviyo webhook and marks the integration disconnected so both systems stay in sync. Settings URL: https://commerce365.flatlineagency.com/integrations

Integration details — use cases & endpoints

1 — Identify the connected account (account picker, naming)

GET https://a.klaviyo.com/api/accounts/

2 — Read campaigns and per-campaign performance

GET /api/campaigns · GET /api/campaign-values-reports

3 — Read flows and per-flow performance

GET /api/flows · GET /api/flow-values-reports

4 — Read lists and segments (audiences)

GET /api/lists · GET /api/segments

5 — Read subscriber profiles

GET /api/profiles

6 — Email/SMS-attributed revenue & metric trends (dashboard)

GET /api/metrics · POST /api/metric-aggregates

7 — Read events (fired instances)

GET /api/events

8 — Read templates, catalog items, coupons, images, tags

GET /api/templates · /api/catalog-items · /api/coupons · /api/images · /api/tags

9 — Create / send / schedule / pause / resume campaigns

POST /api/campaigns · POST /api/campaign-send-jobs · PATCH /api/campaign-send-jobs/{id}

10 — Manage subscriber consent (subscribe / unsubscribe)

POST /api/profile-subscription-bulk-create-jobs · POST /api/profile-subscription-bulk-delete-jobs

11 — Update a profile

PATCH /api/profiles/{id}

12 — Trigger flows / record events (single & bulk)

POST /api/events · POST /api/event-bulk-create-jobs

13 — Manage catalog items, coupons & codes, images, tags

POST/PATCH/DELETE /api/catalog-items · POST /api/coupons · POST /api/coupon-codes · /api/images · /api/tags

14 — Stay in sync on uninstall / revocation

Klaviyo webhooks → https://commerce365.flatlineagency.com/api/webhooks/klaviyo

All write use cases (9–13) require explicit merchant approval inside Commerce365 before any mutation is sent to Klaviyo.

Data flow

Tokens flow in during OAuth. Read calls pull campaign, flow, metric, profile, segment and event data out of Klaviyo for analysis and reporting. Approved write calls push changes (campaigns, events, consent, catalog/coupon/tag updates) into Klaviyo. Klaviyo webhooks notify Commerce365 on uninstall. All write actions require explicit merchant approval before any mutation is sent.

Product demo

Recorded demo of the installation and use cases: [ADD VIDEO URL — Loom / unlisted YouTube]. The demo covers the OAuth/PKCE authorization, account selection, the deny-permission path, reading campaign & flow performance in chat, email-attributed revenue on the dashboard, an approval-gated write, and disconnecting.

Testing access

App / login URL: https://commerce365.flatlineagency.com — Install / OAuth entry point: https://commerce365.flatlineagency.com/api/oauth/klaviyo/redirect — Settings page: https://commerce365.flatlineagency.com/integrations. We have added app.marketplace@klaviyo.com to our Klaviyo test account so the review team can run the end-to-end OAuth flow and observe data moving in and out of Klaviyo. No credentials are shared in this document. [Add test-workspace login instructions for the reviewer.]

Get early access to AI ad optimization

We are rolling out our AI ad-optimization agent for Meta and Google during a silent go-live. Join the waitlist for early access.

Install on Shopify

Built in Amsterdam for serious Shopify brands

(c) 2026 Flatline Agency. All rights reserved.

All Systems Operational

Privacy Policy