I have a process that gets an Authentication token with no issue. Then the process runs trying to get an access token. When this runs I always get a 400 Error. The process uses the Auth Token received just seconds ago.... always get a 400 Error.
Request to get Authorization token goes to (with id and domain obscured of course):
This returns an Authorization code that is generally 40 characters long. I then pass it to a url like the following (tweaked again of course):
The immediately above url is generated in Java code, and a "POST" using HttpsURLConnection (just like the API Doc examples show) is used. However, the first line to investigate the result of the HttpsURLConnection throws a 400 Error. The basic code is below (obscured).
```java
// Imports this fragment needs
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

StringBuilder authResult = new StringBuilder();
// Make authorization header with API Key:API Secret and encode
// (the key, the secret and the encoded header are credentials, so they are not printed)
String credentials = thisAPIKey + ":" + thisAPISecret;
//Content-Type: application/x-www-form-urlencoded
String auth = "Basic " + Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
//String auth = DatatypeConverter.printBase64Binary(credentials.getBytes());
System.out.println("auth is set without error");
// Create request URL
StringBuilder requestUrl = new StringBuilder()
        .append("https://idfed.constantcontact.com/as/token.oauth2")
        .append("?code=")
        .append(codeParam) // this is the AuthorizationCode that is retrieved initially and passed to this process
        .append("&grant_type=authorization_code")
        .append("&redirect_uri=")
        .append(redirectUri);
URL authorizeUrl = new URL(requestUrl.toString());
System.out.println("URL is set");
HttpsURLConnection con = (HttpsURLConnection) authorizeUrl.openConnection();
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, new java.security.SecureRandom());
con.setSSLSocketFactory(sc.getSocketFactory());
System.out.println("connection is made");
// Set Method
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
// Add Auth Header
con.setRequestProperty("Authorization", auth);
con.setDoInput(true);
InputStream content = null;
BufferedReader inVal = null;
con.setConnectTimeout(40000);
// Read response from server
// getInputStream() throws IOException on a 4xx/5xx status; the response body is then on con.getErrorStream()
inVal = new BufferedReader(new InputStreamReader(con.getInputStream()));
```
Everything is running fine up to the last line above, which is the first attempt to use the return information from the HttpsURLConnection.
The error I get from Java is an IOException error:
java.io.IOException: Server returned HTTP response code: 400 for URL:
https://idfed.constantcontact.com/as/token.oauth2?code=ihvDmqXaltqX25EtNjXWU28npLAS62g1BVpULgDJ&gran...
Any help would be appreciated. I have spent a fair amount of time trying to solve on my own with no success.
Thanks
Mike KInder
Hello Mike,
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
Looking at our logs for the authorization code that you provided, as well as the related key within the account, I was able to find a few error responses in regards to the issue that you are experiencing:
"Authorization code is invalid or expired."
This appears to be the primary issue. The authorization code only has a 60 second lifetime before it expires, so once it is generated it needs to be exchanged for your first token set within that 60 second window or you will receive an error response:
Retrieve the Authorization Code
"redirect_uri value must be identical to the value included in the authorization request."
The redirect URI used when exchanging the Authorization code for a token set must match exactly both the redirect URI that was used in your Authorization Request URL, as well as the Redirect URI within your App Details for the key.
Also, it looks like in some attempts, the grant_type was set to the value "authorization" and it needs to always be "authorization_code".
Exchange the Authorization Code for an Access Token and a Refresh Token
Please have a look and let us know if you have any other questions!
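The three conditions named in the reply above (identical redirect_uri, grant_type of authorization_code, 60 second code lifetime) can be checked locally before the token request is sent. This is an added example, not code from the thread or from Constant Contact; the class name, method names and sample URIs are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public class TokenExchangePreflight {
    // 60 second authorization code lifetime, as stated in the support reply.
    static final Duration CODE_LIFETIME = Duration.ofSeconds(60);

    /** Returns the problems that would make the token request fail; an empty list means send it. */
    static List<String> preflight(String authRequestRedirectUri, String tokenRedirectUri,
                                  String grantType, Instant codeIssuedAt, Instant now) {
        List<String> problems = new ArrayList<>();
        // Exact string comparison: a trailing slash or a different path counts as a mismatch.
        if (!authRequestRedirectUri.equals(tokenRedirectUri)) {
            problems.add("redirect_uri differs from the authorization request");
        }
        if (!"authorization_code".equals(grantType)) {
            problems.add("grant_type must be authorization_code, got " + grantType);
        }
        if (Duration.between(codeIssuedAt, now).compareTo(CODE_LIFETIME) >= 0) {
            problems.add("authorization code is older than 60 seconds");
        }
        return problems;
    }

    /** URL-encodes each value so characters in the redirect URI cannot alter the parameter list. */
    static String buildParams(String code, String redirectUri, String grantType) throws Exception {
        String utf8 = StandardCharsets.UTF_8.name();
        return "code=" + URLEncoder.encode(code, utf8)
             + "&grant_type=" + URLEncoder.encode(grantType, utf8)
             + "&redirect_uri=" + URLEncoder.encode(redirectUri, utf8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        String firstLeg = "https://app.example.com/oauth/callback";
        String secondLeg = "https://app.example.com/oauth/token-callback";
        Instant issued = Instant.parse("2024-01-01T00:00:00Z");

        // All three problems at once: different URI, wrong grant_type, 75 seconds old.
        System.out.println(preflight(firstLeg, secondLeg, "authorization", issued, issued.plusSeconds(75)));
        // Same URI on both legs, correct grant_type, 5 seconds old: no problems.
        System.out.println(preflight(firstLeg, firstLeg, "authorization_code", issued, issued.plusSeconds(5)));
        System.out.println(buildParams("EXAMPLE_CODE", firstLeg, "authorization_code"));
    }
}
```

If the server still answers 400 after these checks pass, `con.getErrorStream()` returns the response body that `getInputStream()` refuses to return.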
Hi Courtney, I will mark your response as the solution, but to be specific, it was the redirect_uri. I missed that each leg of the Authorization had to be the same, and I was trying to point to a different one on the second leg. Once changed to the same redirect, it worked. So, thanks.
Hello MikeK7170,
Thank you for reaching out to Constant Contact API Developer Support.
Glad you were able to get this resolved!
Please let us know if you have any other questions.