Hey,
I have a question about the API.
I have a primary account with a number of partner accounts (ex: 20). Assume I am building a new app on the API.
When I go through the Authentication procedure and get API tokens for this new app via the primary account, will these tokens work to access the information (ex: contacts & campaigns) in all the related partner accounts or do I have to get separate tokens for each partner account?
Thus:
- Login to primary account on Constant Contact
- Use it to switch to a partner account
- Go back to my app
- Get OAuth2 credentials for this partner account
- Go back to Constant Contact
- Switch back to the primary account
- Switch back to a different partner account and... repeat the process for each partner account?
Or is there a better way to do this using only the tokens for the master account?
Hello JasonK108,
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
There are 2 ways you could go about authorizing your application and sending requests on behalf of your child accounts.
If you were to authorize your application on each child account individually, you would need to be logged into each child account via genuine account-level credentials (logging in with a username and password to an Account Owner or Account Manager profile) to maintain authorization. Authorization for the application won’t be maintained if it is granted by logging into the child account through your main partner account due to security enhancements. You could reach out to the Account Owner of each child account to create an Account Manager user role for you for this purpose, or they could authorize the application themselves.
Alternatively, if your organization is the developer of the integration that you are trying to connect, specifically for Partner accounts, we now offer the option of acquiring a “Master Token”, which allows you to send API requests on behalf of Partner managed client accounts without needing individual access tokens for each child account.
Instead of using the the standard OAuth flows and storing tokens for each child account, you would be using the Partner authorization method to get a Partner API access token (JWT), then using that to call the "pass-through" Partner endpoint.
If you decide to go this route, please reach out to us via email at webservices@constantcontact.com to let us know the API key that you will be using for your application so that we can grant it the correct permissions.
Technology Partner Registration
https://v3.developer.constantcontact.com/api_guide/partners_reg_creds.html
Technology Partner Authentication and Authorization
https://v3.developer.constantcontact.com/api_guide/partners_auth.html
API Reference - POST Send an API request on Behalf of a Client Account
Please have a look and let us know if you have any other questions!
Regards,
Announcements
Join our list to be notified of new features and updates to our V3 API.
Sign Up