Hello,

What is client certificate?  Do we need to download from constant contact web site, in order to use OAUTH mechanism, to request for unauthorized request token over SSL for the below url.

https://oauth.constantcontact.com/ws/oauth/request_token

 

I am sorry, I do not understand what you mean by 'client certificate'. When obtaining an unauthorized request token, the only data that you need from Constant Contact is your API Key and Consumer Secret. The rest of the parameters that need to be included can be created through many OAuth Libraries and are not given by Constant Contact. The full list of parameters for this request can be found here, and they are:

oauth_callback - URL to which our service should redirect the user after authorizing the request token. Specify "oob" if there is no callback url (ie, desktop application)

oauth_consumer_key - Your API Key

oauth_nonce - A random string (see tools.ietf.org/html/rfc5849#page-17 for more details)

oauth_signature_method - We only support "HMAC-SHA1"

oauth_timestame - Timestamp of the request, expressed in the number of seconds since January 1, 1970 00:00:00 GMT

oauth_version - Should be set to 1.0  (This is the value that should be sent per OAuth 1.0a spec)

oauth_signature - A string value that is a signature of your request signed using your application's consumer secret (for more information see tools.ietf.org/html/rfc5849#page-18)