I do have the following in Traffic Inspector > Settings > Request Whitelist:
{\/wp-json\/klaviyo\/*}
Did you get anywhere with this as we are also hitting the same issue ourselves?
I was thinking that we should add something into the anti spam section / query whitelist – but I am unsure if this would suffice or not?
Plugin Author
gioni
(@gioni)
While this is less than ideal
I say more: this is an awful and non-professional recommendation. Anyone can spoof the User-Agent string (UA) with ease. That’s why it’s not implemented in WP Cerber. If you need to grant access to a specific REST API route, you have to use the “Allow these namespaces” list on the “Hardening” tab. See more: https://wpcerber.com/restrict-access-to-wordpress-rest-api/
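The point in the reply above, as an added sketch that is not WP Cerber's code and not part of the original thread: the allow decision is keyed on the REST route's namespace and never on the User-Agent header. The host, route versions, UA string and function names are constructed for illustration, and treating the first route segment as the namespace is an assumption.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed allow list for this sketch; "klaviyo" is the route prefix from the thread.
ALLOWED_NAMESPACES = {"klaviyo"}

def rest_namespace(url, prefix="wp-json"):
    """Return the first segment of the REST route, "" for the REST index,
    or None when the URL is not a REST API request at all."""
    parts = urlsplit(url)
    # Plain-permalink form: /?rest_route=/klaviyo/v2/orders
    route = parse_qs(parts.query).get("rest_route", [None])[0]
    if route is None:
        # Pretty-permalink form: /wp-json/klaviyo/v2/orders
        # Normalise first so "klaviyo/../wp/v2/users" is judged as "wp".
        path = posixpath.normpath("/" + unquote(parts.path))
        segments = [s for s in path.split("/") if s]
        if prefix not in segments:
            return None
        segments = segments[segments.index(prefix) + 1:]
    else:
        segments = [s for s in posixpath.normpath("/" + route).split("/") if s]
    return segments[0].lower() if segments else ""

def rest_request_allowed(url, user_agent=""):
    """Allow only listed namespaces. user_agent is accepted but deliberately
    ignored: it is client-controlled, so it cannot carry trust."""
    namespace = rest_namespace(url)
    if namespace is None:
        return True  # not a REST request; other rules decide
    return namespace in ALLOWED_NAMESPACES  # exact match, not a prefix match

if __name__ == "__main__":
    # Constructed sample requests (host, versions and UA are made up).
    samples = [
        ("https://shop.example/wp-json/klaviyo/v2/orders", "python-requests/2.31"),
        ("https://shop.example/?rest_route=/klaviyo/v2/orders", ""),
        ("https://shop.example/wp-json/wp/v2/users", "Klaviyo/1.0"),
        ("https://shop.example/wp-json/klaviyo/../wp/v2/users", "Klaviyo/1.0"),
    ]
    for url, ua in samples:
        print(rest_request_allowed(url, ua), rest_namespace(url), url)
```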
I will also update my own ticket – however we have found actually that it was a plugin conflict that was stopping Klaviyo working – suggest that you run a staging site and deactivate plugins until you find the one that clashes with your system – for us it was WC Currency Switcher.
I used Postman to test against.
I have not had to change any settings within WP Cerber at all.
@gioni – agreed. Klaviyo are gaining a lot of traction these days and use AWS, I’m surprised their infrastructure works like this.
I believe our issue was that we were using JWT auth, which caused problems with WP Cerber (it would identify consumer_key as a non-existent username, impacting several external services and requiring white-listed IPs). Since disabling this we have Klaviyo working and our other services aren’t being incorrectly picked up by WP Cerber.
Thanks.