Does the Raisely public API CAPTCHA change affect MoveData?
Short answer: No. Raisely's public API security update does not affect your MoveData integration, and you do not need to take any action for the sync to keep working.
What Raisely announced#
Raisely notified customers of a security enhancement to its public API, going live on 15 July 2026. To strengthen spam protection, campaigns with CAPTCHA enabled will require the campaign API key (raisely-sk-*) on a small set of public API endpoints:
POST /v3/campaigns/:campaign/registerPOST /v3/profiles/:profile/membersPOST /v3/users/upsertPOST /v3/posts
These are all endpoints that create or update records inside Raisely — registering a supporter, adding a profile member, upserting a user, or creating a post. They are the endpoints a custom front-end form or script would call to write data into Raisely.
Why MoveData is not affected#
MoveData's Raisely integration runs in the opposite direction. It is a webhook (push) integration: Raisely sends events to MoveData, and MoveData writes the corresponding records into Salesforce.
Raisely → Webhook → MoveData → Salesforce
MoveData receives donation, profile, subscription, and order events. It never calls the four affected endpoints, because it does not register supporters, add members, upsert users, or create posts in Raisely. The change only applies to integrations that call those endpoints on CAPTCHA-enabled campaigns — MoveData is a webhook consumer, not a caller of them.
What about the API key I entered when setting up MoveData?#
When you create a Raisely integration in MoveData you provide a Raisely API key (see Setting up Raisely). That key is used for the data-sync side of the integration and does not call any of the four CAPTCHA-protected write endpoints, so it is unaffected by this change. There is nothing to update.
When would this change affect me?#
The Raisely change only matters if you (or a developer on your team) have built a separate, custom integration — outside of MoveData — that posts to the endpoints above on a CAPTCHA-enabled campaign. For example, a custom donation or registration form on your own website that calls the Raisely public API directly. If that is the case, follow Raisely's guidance to include your campaign API key (raisely-sk-*) in those requests, and keep the key in a backend service rather than exposing it on the front end. This is unrelated to MoveData.