• Overview
• Why We're Making This Change
• Who will This Impact
• Timeline & Important Dates
• Firm Deadline - No Extensions Available
• Brownout Testing Program
• Migration Guides: Step-by-Step Instructions
• Software Development Kits (SDKs)
• Getting Help
• FAQs

Overview

We are sunsetting our XMLRPC service to provide you with a better, more secure, and faster API experience. This guide will help you successfully migrate from XMLRPC to our REST v2 API.

Why We're Making This Change

XMLRPC has served us well, but technology has evolved significantly since its introduction and deprecation. Here's why we're making this important transition:

Technical Limitations

• Outdated Protocol: XMLRPC uses older technology standards that limit performance and security improvements
• Limited Data Types: Restricted support for modern data structures and formats
• Verbose XML: Large message sizes that slow down your applications
• Poor Error Handling: Less informative error messages that make troubleshooting difficult.

Benefits of REST v2

• 3x Faster Performance: Streamlined JSON responses with significantly reduced payload sizes
• Modern Security: Support for OAuth 2.0, API keys, and enhanced encryption standards
• Better Developer Experience: Clear, predictable URL patterns and comprehensive documentation
• Future-Proof: Built on current web standards with ongoing feature development
• Enhanced Features: Access to new capabilities not available in XMLRPC

Strategic Focus

By consolidating our efforts on REST v2, we can:

• Deliver new features faster
• Provide better security and reliability
• Offer improved developer tools and documentation
• Ensure long-term platform stability

Who will This Impact

All API Users – anyone with an API connection to/from Keap that is using XMLRPC protocol

• Customers – creating or consuming standard or custom integrations/offerings that contain XMLRPC endpoints
• Internal Devs – ensuring we have viable v2 endpoints to provide value parity for our XMLRPC endpoints
• Partners – creating or consuming standard or custom integrations/offerings that contain XMLRPC endpoints, or having customers that do
• Developer Partners/Integrators (known/unknown) - have integrations or custom builds using XMLRPC

Timeline & Important Dates

Key Milestones

Recommended Migration Phases

Phase 1: Planning 

• Audit your current XMLRPC usage
• Review REST v2 documentation
• Plan your migration approach

Phase 2: Development Implement REST v2 integrations

• Test in your sandbox environment
• Participate in optional brownouts

Phase 3: Final Transition 

• Complete remaining migrations
• Validate all systems are using REST v2
• Remove XMLRPC dependencies

Firm Deadline - No Extensions Available

December 31, 2026 at 11:59 PM EST

This will be the only deadline. Here's what you need to know:

Why No Extensions?

• Security Requirements: XMLRPC lacks modern security standards we must maintain
• Infrastructure Costs: Maintaining dual systems is not sustainable
• Resource Allocation: Our engineering team needs to focus entirely on REST v2 improvements as we continue to combine systems due to the merger
• Industry Standards: XMLRPC is considered legacy technology by industry standards
• Sufficient Time: We provided sufficient time to migrate the endpoints within 13 months.

What Happens After the Deadline?

• Immediate Service Termination: All XMLRPC endpoints will return HTTP 410 (Gone) errors or similar
• No Fallback Options: There will be no grace period or emergency access
• Data Integrity: Your data remains safe, but you'll only be able to access it via REST v2
• Impact: While this termination will not impede your ability to function using REST, you will not have any functional XMLRPC endpoints after December 31, 2026

Plan Accordingly

• Start Early: Don't wait until the final months
• Test Thoroughly: Use our brownout testing to validate your migration
• Have Backup Plans: Prepare for potential issues and have contingency procedures
• Document Everything: Keep records of your migration progress and testing results

Brownout Testing Program

Brownouts are planned, temporary outages of XMLRPC services designed to help you identify and resolve any remaining dependencies before the final sunset.

How Brownouts Work

• Scheduled Outages: XMLRPC services are temporarily unavailable for 1-4 hours
• Advance Notice: 48-hour Pendo notifications before each brownout
• Monitoring Opportunity: See which of your systems are still using XMLRPC
• Safe Testing: No permanent impact on your data or REST v2 connections
• Ability to opt out: In the brown out schedule help article we will provide instructions

Brownout Schedule

*Full brownout schedule here. 

Participation Options

Opt-In Benefits (Recommended)

• Helps you find hidden XMLRPC dependencies early
• Validates your migration completeness
• Provides real-world testing scenarios

Opt-Out

• Uninterrupted service during migration planning
• Must complete migration validation independently
• Higher risk of undiscovered dependencies
• These will be no extensions for missed endpoints
• Opt-out instructions here

During a Brownout

You will receive an error message similar to the one below.

HTTP/1.1 503 Service Unavailable 
Content-Type: application/json

Migration Guides: Step-by-Step Instructions

Getting Started Checklist

1. Audit Your Current Usage

bash

# Search your codebase for XMLRPC references 
grep –rin  "xmlrpc" /path/to/your/code/ 
grep –rin "XML-RPC" /path/to/your/code/ 
grep -rin "xml" /path/to/your/code/

2. Inventory Your Integrations

• List all applications using XMLRPC
• Document the specific methods being called
• Note the frequency and criticality of each integration

3. Review Your Current Implementation

• Identify authentication methods in use
• Document data structures being sent/received
• Note any custom error handling or retry logic

Basic Migration Pattern

XMLRPC Request (Old Way)

POST https://api.infusionsoft.com/crm/xmlrpc/v1 HTTP/1.1  
Content-Type: text/xml  
 
<?xml version="1.0"?>  
<methodCall>  
<methodName>ContactService.findByNameOrEmail</methodName>  
<params>  
    <param>  
         <value><string>anything</string></value>  
    </param>  
    <param>  
          <value><string>John</string></value>  
    </param>      
    <param>  
          <value><int>10</int></value>  
    </param>  
    <param>  
          <value><int>0</int></value>  
    </param>  
  </params>  
</methodCall>

REST v2 Request (New Way)

http  
 
GET https://api.infusionsoft.com/crm/rest/v2/contacts?filter=given_name%3D%3DJohn&page_size=10 HTTP/1.1  
Authorization: Bearer YOUR_API_TOKEN  
Accept: application/json

Common Migration Examples

List Contacts

XMLRPC (Old)

php  
 
$response = file_get_contents(  
  "https://api.keap.com/crm/xmlrpc/v1",  
  false,  
  stream_context_create([  
    "http" => [  
      "method" => "POST",  
        "header" => "Authorization: Bearer    zZPzJOLRYwAJDHTt98xmUiyiyQxm\r\n" .  
      "Content-Type: text/xml\r\n" .  
      "Accept: text/xml\r\n",  
      "content" => '  
       <methodCall>  
        <methodName>DataService.query</methodName>  
       <params>  
         <param><value><string>apiKey</string></value></param>  
         <param><value><string>Contact</string></value></param>  
         <param><value><int>1000</int></value></param>  
         <param><value><int>0</int></value></param>  
         <param><value><struct></struct></value></param>  
         <param><value>  
         <array>  
          <data>  
           <value><string>Id</string></value>  
           <value><string>FirstName</string></value>  
          </data>  
         </array>  
         </value>  
         </param>  
       </params>  
     </methodCall>'  
     ]  
  ])  
);

REST v2 (New)

php  
 
$contacts = 

 file_get_contents(  
   "https://api.keap.com/crm/rest/v2/contacts/",  
   false,  
   stream_context_create([  
    "http" => [  
     "method" => "GET",  
     "header" => "Authorization: Bearer uourToken\r\nAccept:   application/json\r\nContent-Type: application/json"  
     ]  
   ])  
  );

Create Contact

XMLRPC (Old)

fetch("https://api.infusionsoft.com/crm/xmlrpc/v1", { 
  method: "POST", 
  headers: { 
    "Authorization": "Bearer zZPzJOLRYwAJDHTt98xmUiyiyQxm", 
    "Content-Type": "text/xml", 
    "Accept": "text/xml" 
  }, 
  body: `<?xml version='1.0' encoding='UTF-8'?> 
<methodCall> 
  <methodName>ContactService.add</methodName> 
  <params> 
    <param> 
      <value><string>privateKey</string></value> 
    </param> 
    <param> 
      <value><struct> 
        <member><name>FirstName</name> 
          <value><string>John</string></value> 
        </member> 
        <member><name>LastName</name> 
          <value><string>Doe</string></value> 
        </member> 
        <member><name>Email</name> 
          <value><string>john@doe.com</string></value> 
        </member> 
      </struct></value> 
    </param> 
  </params> 
</methodCall>` 
}) 
.then(res => res.text()) 
.then(console.log) 
.catch(console.error);

REST v2 (New) 

fetch("https://api.infusionsoft.com/crm/rest/v2/contacts", { 
  method: "POST", 
  headers: { 
    "Authorization": "Bearer zZPzJOLRYwAJDHTt98xmUiyiyQxm", 
    "Content-Type": "application/json", 
    "Accept": "application/json" 
  }, 
  body: JSON.stringify({ 
    given_name: "Johnsec", 
    family_name: "Doe", 
    email_addresses: [ 
      { 
        email: "john@doe.com", 
        field: 'EMAIL1' 
      } 
    ] 
  }) 
}) 
  .then(res => res.json()) 
  .then(console.log) 
  .catch(console.error);

Method Mapping Reference

*Full migration guide here. 

Software Development Kits (SDKs)

We provide official SDKs to make your migration easier and ensure best practices.

Available SDKs

SDKs are provided in the following languages, each including documentation and examples:

• C#
• Java
• JavaScript
• PHP
• Python
• TypeScript

They can be found along with their respective documentation at: https://github.com/infusionsoft/keap-sdk/

SDK Benefits

• Simplified Integration: Streamlines communication with the API, reducing the amount of boilerplate code needed.
• Consistency: Ensures standardized implementation across different projects and environments.
• Efficiency: Provides optimized methods and utilities for faster, more reliable API interactions.
• Maintainability: Makes it easier to update, debug, and extend functionality as APIs evolve.
• Comprehensive Documentation: Includes detailed guides and examples to support developers at every stage.
• Best Practices Built-In: Encourages secure, efficient, and scalable API usage patterns.

Getting Help

Migration Resources

• Complete API Documentation: Documentation, click arrow for options
• Tutorials: Tutorials 
• Code Examples: Examples Home Page

Direct Support

• Migration Support Team: Create a support ticket
• Engage other users and experts: API Q&A Forum
• Reach out to inquire about hiring resources: Facebook API Community 
• Emergency Escalation: +1 866-800-0004 x2

Community Resources

• Developer Forum: Q&A forum for Devs
• Facebook: Keap API Community
• Thryv (formerly Keap) Community: Customer Community

Frequently Asked Questions

• Why is this change happening? Customers will want to know the reasons for deprecating the old API, such as improved security, performance, stability, or to enable new features that the legacy API could not support.
• What is the value for me? Customers will question how the new API will benefit their business. Highlighting new functionalities, better performance, modern security features, and overall platform improvements will be key.
• Is the new API more secure? Given that XML-RPC is known for security vulnerabilities (e.g., as exploited in WordPress attacks), customers will want reassurance that the new APIs are secure.
• What if I don't migrate? Customers will need to understand the consequences of not migrating, including service degradation and the eventual complete shutdown of the legacy API. Endpoints
• Are you committed to supporting this new API? Customers may be hesitant to invest in a migration if they are not confident in the long-term support for the replacement API.
• Can I use both XMLRPC and REST v2 during migration? Yes! You can gradually migrate your integrations while keeping existing XMLRPC calls working until the sunset date.
• Will my existing API credentials work with REST v2?  Your account credentials remain the same, buWhat happens to my data during migration?  Your data is not affected by the API change. Only the method of accessing it changes.
• How long should I plan for migration? Most customers complete migration in 2-8 weeks, depending on the complexity of their integrations.
• Why does REST v2 use pointer-based pagination instead of offset pagination? 
  The new API follows pointer-based (a.k.a. cursor-based) pagination for improved performance and scalability, especially in large datasets. This approach avoids the inefficiencies and inconsistencies that offset pagination can cause when data changes between requests.

Additional Resources:

Migration Guide – XMLRPC to v2

V2 Mapping Guide - Spreadsheet

Brownout Schedule and Opt out of Brownouts

Help Identifying XMLRPC Integrations to Prepare for Brownouts

Time/Date Converter

Endpoints not being converted to v2 - Spreadsheet

Developer Guide

Email api-requests.keap@thryv.com if you are an integrator who would like your application status to be shared on our website in the Integrator Status Report (spreadsheet).