Please note that Postman is not built or supported by Constant Contact, so we are limited in the support we can provide, but will try to answer any questions to the best of our ability.

The "invalid_request" error you're encountering when using the Implicit Flow is due to the lack of the required nonce parameter. Postman doesn't appear to offer a dedicated field for this parameter; I was able to find the following open feature request, asking them to add one: OAuth2 supporting a nonce for the auth URL. A workaround would be to manually append the nonce parameter to the authorization endpoint URL:

Regarding the error you encountered when using the Authorization Code Flow, you'll notice that our token endpoint expects the authorization_code as a query parameter & your app's credentials in the Authorization header. Postman is sending the authorization_code in the request body, and I was unable to locate an option within Postman to send it as a query parameter instead.

I was able to successfully obtain an access token by switching Postman's Client Authentication option from "Send as Basic Auth header" to "Send client credentials in body", however this isn't a documented, supported method of using our token endpoint, so I can't guarantee this will always be a viable workaround. I'd recommend contacting Postman's support to check if they offer a way to send the authorization_code as a query parameter.

Please let us know if you have any questions!

Regards,