Got a 'How do I' question? Join our live 'Ask a Trainer' session happening now for instant help and pro tips!

401 Unauthorized - OAuth

SOLVED
Go to solution
MattG966
Campaign Collaborator
0 Votes

I'm going to preface this by saying I could be doing this completely wrong, but that's why I'm asking for help :smileyface:

 

I've successfully received my OAuth 2.0 access token, and now I'm trying to do a simple Add Contact test to my list.  Here is the url I'm using:

 

https://api.constantcontact.com/ws/customers/example@example.com/contacts?access_token=my-oauth-acce...

 

I'm doing a POST to that url with this data:

<entry xmlns="http://www.w3.org/2005/Atom">
<title type="text"></title>
<updated>1/1/1900</updated>
<author></author>
<id>data:,none</id>
<summary type="text">Contact</summary>
<content type="application/vnd.ctct+xml">
<Contact xmlns="http://ws.constantcontact.com/ns/1.0/">
<EmailAddress>test@example.com</EmailAddress>
<FirstName>john</FirstName>
<LastName>doe</LastName>
<OptInSource>ACTION_BY_CUSTOMER</OptInSource>
<ContactLists>
<ContactList id="http://api.constantcontact.com/ws/customers/example@example.com/lists/1" />
</ContactLists>
</Contact>
</content>
</entry>

 

I get a (401) Unauthorized response with this call.  What am I doing wrong?

1 ACCEPTED SOLUTION
Shannon_W
Employee

Hi,

 

An access token will remain valid until another one is generated.  Since you're putting in the one you think is valid, the only way to get a new one that you know the value of (that I can think of) would be to generate a new access token (go through the OAuth 2 flow again).  

 

A common mistake is to use the auth_code or code in place of the access token.  The code is generated in the step before you get the access token.  The access token is generated after granting access and redirecting back to your redirect url for the last time--it is appended to your redirect url.

 

In general, in the OAuth 2 flow, it would be best to check to see if a token exists and if one doesn't, put the user through the OAuth flow (then store the access token in a database, assuming you have more than one user).

 

Best Regards,

Shannon W.

API Support Specialist

View solution in original post

10 REPLIES 10
Shannon_W
Employee
0 Votes

Hi,

 

Most of your XML looks good, but your id tag should be changed. It should reference a URI available to you, like below:

 

<id>http://api.constantcontact.com/ws/customers/username/contacts/101</id>

 

Also, are you replacing example@example.com with your Constant Contact username (not your email address, unless you used your email address as your username)?

Best Regards,
Shannon W.
API Support Specialist

MattG966
Campaign Collaborator
0 Votes

I'm not sure that your comment about "reference a URI available to you" makes sense.  Since I'm adding a contact (and in this case, it's my first one), how can I have one that's already available to me?

 

And yes, I was using example@example.com as a placeholder.  My username is my email address and didn't want to broadcast that to the world.

 

Since my XML looks good, can I pass along any other information to you that you can use to solve the problem?  Access token?  Username?  Something else?

Shannon_W
Employee
0 Votes

Hi,

 

Your XML looks good except for the id tag. The id tag has to reference your username as I've demonstrated below.  Change it from what you had:

 

<id>data:,none</id>

 

To the following, replacing your username:

 

<id>http://api.constantcontact.com/ws/customers/username/contacts/101</id>

 

Let me know if that works.

 

Best Regards,

Shannon W.

API Support Specialist

 

MattG966
Campaign Collaborator
0 Votes

No dice: (401) Unauthorized

Shannon_W
Employee
0 Votes

Hi,

 

I'd like to take the XML completely out of the equation for troubleshooting purposes.  Could you do a simple GET on your contacts, by using the URL below (and not providing anything in the body of your request).

 

https://api.constantcontact.com/ws/customers/username/contacts?access_token=4782-9351-3b8beaef1d18

 

Replacing the username and access token with your own, of course.  

 

Let me know if that is successful or not.  It should return a 200.  If this isn't successful, we can dig deeper into the request format and how you've provided credentials; if it is successful, I will revise your XML until it works on my end.

 

Best Regards,

Shannon W.

API Support Specialist

MattG966
Campaign Collaborator
0 Votes

Hmm, odd:

 

 

 

Error: HTTP Status 401 - The token [my token] is not a valid access token.

 

Description: This request requires HTTP authentication (The token [my token] is not a valid access token.)

 

 

 

Not sure why that error is happening... thoughts?

Shannon_W
Employee

Hi,

 

An access token will remain valid until another one is generated.  Since you're putting in the one you think is valid, the only way to get a new one that you know the value of (that I can think of) would be to generate a new access token (go through the OAuth 2 flow again).  

 

A common mistake is to use the auth_code or code in place of the access token.  The code is generated in the step before you get the access token.  The access token is generated after granting access and redirecting back to your redirect url for the last time--it is appended to your redirect url.

 

In general, in the OAuth 2 flow, it would be best to check to see if a token exists and if one doesn't, put the user through the OAuth flow (then store the access token in a database, assuming you have more than one user).

 

Best Regards,

Shannon W.

API Support Specialist

MattG966
Campaign Collaborator
0 Votes

Thanks Shannon, I'll try this tonight.

 

I do only have one user, so I only need the one auth token.  It's definitely possible I didn't use the most recent token generated... I tried about a million times to get my OAuth 2 stuff working before I was able to get a result.

 

Anyway, I'll post back with my results.  Thanks!

MattG966
Campaign Collaborator
0 Votes

Shannon-

 

You were right, I did need to regenerate my access token.  Now everything works.

 

Thanks a ton for your help!

Shannon_W
Employee
0 Votes

Glad to hear it, and thanks for the follow up!  Have a great day!

 

Best Regards,

Shannon W.

API Support Specialist

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up

Polls
How confident are you about the effectiveness of your current marketing strategy?

Top Choice: Not confident at all (75%)