API Key Best Practices

Advanced & Success Stories | 4 min read | Published: November 2025

🔐 Secure and manage your Mailchimp API keys effectively. Follow these best practices to protect your account and ensure smooth operation.

What You'll Learn

  • How to store API keys securely
  • When and how to rotate keys
  • Security best practices
  • Troubleshooting key issues

Time: 5 minutes
Difficulty: Intermediate

Security Best Practices

Use Read-Only Keys When Possible

For testing and exploration, create read-only API keys:

  • Limits what can be accessed if compromised
  • Perfect for AI Analyst (free tier) usage
  • Reduces risk of accidental changes

How to create: In Mailchimp, create a new API key and restrict permissions to read-only operations.

Store Keys Securely

Do This

  • Store keys in a .env file (not committed to git)
  • Use environment variables
  • Enable disk encryption on your computer
  • Use a password manager for key storage

Don't Do This

  • Commit API keys to version control
  • Share keys in emails or messages
  • Store in plain text files
  • Share keys with unauthorized users

Rotate Keys Periodically

Best Practice: Rotate API keys every 90 days, or sooner in any of these cases:

  • After any suspected compromise
  • When team members leave
  • After security incidents
  • When switching between accounts

How to rotate:

  1. Create a new API key in Mailchimp
  2. Update your .env file
  3. Restart Claude Desktop
  4. Revoke the old key in Mailchimp

Use Separate Keys for Different Accounts

If managing multiple Mailchimp accounts:

  • Use separate API keys for each account
  • Don't share keys between accounts
  • Restart Claude Desktop when switching keys

Restart After Changing Keys

Critical: Always restart Claude Desktop completely after changing API keys to clear cached resources.

Key Management by Role

For Marketers (AI Analyst)

  • Use read-only API keys for analysis
  • Perfect for exploring data safely
  • No risk of accidental changes

For Account Managers

  • Use separate keys for each client account
  • Enable PII masking for sensitive accounts
  • Rotate keys regularly for client accounts
  • Use read-only keys for initial account reviews

For Business Owners

  • Use full-access keys for campaign creation
  • Store keys securely on your machine
  • Rotate keys if shared with team members

Environment Variables Setup

Recommended Configuration

Create a .env file in your home directory or project directory:

MAILCHIMP_API_KEY=your-api-key-here
MAILCHIMP_SERVER_PREFIX=us9
# Optional, for sensitive accounts
MAILCHIMP_MASK_PII=true

Loading Environment Variables

The MCP server automatically loads from:

  1. .env file in current directory
  2. System environment variables
  3. Configuration file

Key Permissions

Read-Only Operations (AI Analyst)

  • View audiences and campaigns
  • Access campaign reports
  • Read member information
  • View templates and settings

Write Operations (AI Marketer + Account Manager)

  • Create and send campaigns
  • Manage members and segments
  • Update audience information
  • Create and edit templates
  • Manage automation workflows

Troubleshooting API Key Issues

Key Not Working

Check:

  • API key format is correct (abc123-us9)
  • Key hasn't been revoked in Mailchimp
  • Server prefix matches your account region
  • Key has necessary permissions
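The format and server-prefix checks above, together with the file-permission side of "Store Keys Securely", can be run against a .env file before restarting Claude Desktop. This is an added example, not code from the MCP server or from Mailchimp; the `<token>-<datacenter>` key shape is an assumption inferred from the `abc123-us9` example on this page, and the permission check assumes a POSIX system.

```python
import os
import re
import stat

# Assumed shape, inferred from the page's example "abc123-us9": token, hyphen, data center.
KEY_SHAPE = re.compile(r"^[0-9A-Za-z]+-([a-z]+[0-9]+)$")


def parse_env(path):
    """Minimal .env reader: KEY=VALUE lines, '#' comments, optional quotes."""
    values = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            name, value = line.split("=", 1)
            value = re.split(r"\s+#", value, maxsplit=1)[0].strip().strip("\"'")
            values[name.strip()] = value
    return values


def check_env(path):
    """Return a list of findings; an empty list means every check passed.
    The key value itself is never written into a finding."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append(f"{path} is accessible by group/others (mode {mode:o}); use chmod 600")
    env = parse_env(path)
    key = env.get("MAILCHIMP_API_KEY", "")
    prefix = env.get("MAILCHIMP_SERVER_PREFIX", "")
    match = KEY_SHAPE.match(key)
    if not key or key == "your-api-key-here":
        findings.append("MAILCHIMP_API_KEY is missing or still the placeholder")
    elif not match:
        findings.append("MAILCHIMP_API_KEY does not look like <token>-<datacenter>")
    elif prefix and match.group(1) != prefix:
        findings.append(
            f"key ends in '{match.group(1)}' but MAILCHIMP_SERVER_PREFIX is '{prefix}'")
    if not prefix:
        findings.append("MAILCHIMP_SERVER_PREFIX is not set")
    return findings


if __name__ == "__main__":
    import sys
    for finding in check_env(sys.argv[1] if len(sys.argv) > 1 else ".env"):
        print("WARN:", finding)
```

Run it with the path to your .env file as the only argument; no output means no findings.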

Permission Errors

If you see permission errors:

  • Verify the key has the required permissions
  • Check whether the key is read-only when write access is needed
  • Create a new key with appropriate permissions

Key Exposed

If your key is exposed:

  1. Immediately revoke the key in Mailchimp
  2. Create a new API key
  3. Update your .env file
  4. Restart Claude Desktop
  5. Review access logs in Mailchimp

Best Practices Summary

  1. Use read-only keys for exploration
  2. Store keys securely (.env file, encrypted disk)
  3. Rotate keys periodically (every 90 days)
  4. Use separate keys for different accounts
  5. Restart Claude Desktop after changing keys
  6. Never commit keys to version control
  7. Revoke compromised keys immediately
