API v3.0 Access in a Visual Studio application - "Unauthorized" message

Marketing Legend
0 Votes



#SoapBox ON


I've seen many posts from people attempting to perform oAuth 2.0 using non web enabled applications, such as C# and VB.Net. It's extremely disappointing to read on your website your position that you've chosen to abandon these users by not providing any SDKs or really, any relevant support whatsoever, to people writing non-web enabled apps.


From my standpoint I've found a solution to the whole oAuth 2.0/non-web enabled app quandary.  It cost me some coin in having to purchase a 3rd party web control (the one in Visual Studio doesn't work) that could be placed on a form and have the oAuth code returned and captured in a received headers event, but at least it's a solution.  (i.e. Essential Objects eo.webbrowser) 


I'm obviously new to your 3.0 API (we are upgrading from your V1.0 API) so I know there is a learning curve to climb.  This climb is complicated by the vagueness of some of your terminology.  For example, you refer to an “Access code” interchangeably between what is really the “oAuth2 Token” and the “Access Token” that gets returned with the “Refresh Token”.  (All these tokens, reminds me of the 70’s)  Since most of the snippets in your replies lack any sort of context, it’s difficult to know exactly what is what.


It would be awesome if you had a functioning sample application, in VB or C# available for us mere mortals.


#SoapBox OFF


I’ve been successful in obtaining the oAuth2 Token.  Once obtained I’m able to successfully obtain both an Access Token and a Refresh Token (returned from the same call). 


(Here is the code to obtain the Access Token and the Refresh Token in case anyone is interested.  I stole most of this from somewhere)

Imports RestSharp          ' Obtained through NuGet
Imports Newtonsoft.Json    ' Obtained through NuGet

Private Function CC_API3_GetAuthorizationToken() As Boolean
        ' gstrOAuth2_Token, cLocalHost, consumerKey, consumerSecret, gstrAccess_Token and
        ' gstrRefresh_Token are declared elsewhere in the application.
        Dim sBase64cred As String
        Dim client = New RestSharp.RestClient("https://idfed.constantcontact.com/as/token.oauth2?code=" & gstrOAuth2_Token & "&redirect_uri=" & cLocalHost & "&grant_type=authorization_code")

        Dim request = New RestRequest(Method.POST)
        Dim credentials As String = consumerKey & ":" & consumerSecret
        Dim plain As Byte() = System.Text.Encoding.UTF8.GetBytes(credentials)
        Dim response As IRestResponse

        ' HTTP Basic credentials: Base64 of "consumerKey:consumerSecret"
        sBase64cred = Convert.ToBase64String(plain)

        Dim base64auth = "Basic " & sBase64cred

        request.AddHeader("authorization", base64auth)

        Try
            response = client.Execute(request)
            Dim jsonResulttodict = JsonConvert.DeserializeObject(Of Dictionary(Of String, Object))(response.Content.ToString)
            gstrAccess_Token = jsonResulttodict.Item("access_token").ToString()
            gstrRefresh_Token = jsonResulttodict.Item("refresh_token").ToString()

            CC_API3_GetAuthorizationToken = True

        Catch ex As Exception
            ' Any failure (network error, error response without the token fields) lands here
            CC_API3_GetAuthorizationToken = False
        End Try

    End Function

This is what I’ve returned 




The problem I am now running into is that the “Access Token” doesn’t seem to work when making requests, such as downloading a list of email lists.  I’ve received two different errors depending on which “Token” I’m using.  “Request forbidden due to insufficient authorization scopes” or just “Unauthorized”


Here is the code for that: (Also mostly stolen from bits and pieces of other posts)

Private Sub CC_API3_GetListOfLists()
        Dim client = New RestSharp.RestClient("https://api.cc.email/v3/contact_lists?include_count=false")
        Dim request = New RestRequest(Method.GET)
        ' The access token is Base64-encoded here before it goes into the header
        ' (the encoding step asked about in the questions below).
        Dim plain As Byte() = System.Text.Encoding.UTF8.GetBytes(gstrAccess_Token)
        Dim sBase64cred As String = Convert.ToBase64String(plain)
        Dim b64_Auth = "Bearer " & sBase64cred

        Try
            request.AddHeader("content-type", "application/json")
            request.AddHeader("cache-control", "no-cache")
            request.AddHeader("accept", "application/json")
            request.AddHeader("authorization", b64_Auth)

            Dim response As IRestResponse = client.Execute(request)

            Dim jsonResulttodict = JsonConvert.DeserializeObject(Of Dictionary(Of String, Object))(response.Content.ToString)

        Catch ex As Exception
            ' Exceptions are swallowed here; the HTTP status in the response is not inspected
        End Try

    End Sub


My Scenario: 


I’m using my “Partner” CC account.  I’m using my application’s consumer key and consumer secret key, created just for this application.

I’ve signed into CC using my “Partner” CC login name and password via the oAuth2 method described above to obtain my oAuth2 Token.



  • Am I missing any steps in the whole “get a valid token/authorization” process?  
  • When making a request to interact with data in CC, which “Token” should I be using?  It seems obvious that I should be using the "Access Token" but I've read conflicting post entries.
  • Does whichever token I’m supposed to be using need to be encoded to base64 as I’m doing in the above example prior to being added to the header, or should it be plain text?
  • Am I including or omitting anything in the header definition that would cause the “Unauthorized” response?

What other things can I be looking at?


Thank you.

Chris Campbell




Marketing Legend
0 Votes

As a follow up to this post, I've been able to determine that one is not supposed to encode the access token in the ("Authorization", Bearer = Access_Token) header line.  Still, that leaves me stuck on the 403 error message.  I've tried including the "&Scope=contact_data" in the initial oAuth2 url request but it seems to make no difference. 


A little insight from you folks would be amazing.
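
Added example, not part of the original posts and not Constant Contact's code: a console sketch of the pieces discussed above, showing the Basic header built from Base64 of key:secret, the Bearer header carrying the token unencoded, and an authorization URL with a lowercase scope parameter plus a state value that is checked when the code comes back. AuthorizeEndpoint is a placeholder (the posts do not give that URL), all keys, codes and tokens are constructed sample values, and contact_data is the scope named in the follow-up.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module OAuthRequestDemo
    ' Placeholder: the authorization endpoint URL does not appear in the posts.
    Const AuthorizeEndpoint As String = "https://AUTHORIZE-ENDPOINT.example/authorize"
    ' Basic scheme (RFC 7617): Base64 of "key:secret", used at the token endpoint only.
    Function BasicHeader(clientId As String, clientSecret As String) As String
        Return "Basic " & Convert.ToBase64String(Encoding.UTF8.GetBytes(clientId & ":" & clientSecret))
    End Function
    ' Bearer scheme (RFC 6750): the access token is sent exactly as issued.
    Function BearerHeader(accessToken As String) As String
        Return "Bearer " & accessToken
    End Function
    ' Unpredictable per-request value to bind the redirect to this authorization request.
    Function NewState() As String
        Dim buf(15) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(buf)
        End Using
        Return BitConverter.ToString(buf).Replace("-", "")
    End Function
    ' Authorization request (RFC 6749 section 4.1.1): lowercase names, escaped values.
    Function AuthorizeUrl(clientId As String, redirectUri As String, scopes As String(), state As String) As String
        Return AuthorizeEndpoint & "?response_type=code" &
            "&client_id=" & Uri.EscapeDataString(clientId) &
            "&redirect_uri=" & Uri.EscapeDataString(redirectUri) &
            "&scope=" & Uri.EscapeDataString(String.Join(" ", scopes)) &
            "&state=" & Uri.EscapeDataString(state)
    End Function
    ' Returns the "code" from the redirect URL only when its "state" matches ours.
    Function CodeFromRedirect(redirectUrl As String, expectedState As String) As String
        Dim code As String = Nothing, state As String = Nothing
        For Each pair As String In New Uri(redirectUrl).Query.TrimStart("?"c).Split("&"c)
            Dim kv As String() = pair.Split(New Char() {"="c}, 2)
            If kv.Length = 2 AndAlso kv(0) = "code" Then code = Uri.UnescapeDataString(kv(1))
            If kv.Length = 2 AndAlso kv(0) = "state" Then state = Uri.UnescapeDataString(kv(1))
        Next
        Return If(String.Equals(state, expectedState), code, Nothing)
    End Function
    Sub Main()
        ' Constructed sample values, not real credentials or tokens.
        Dim st As String = NewState()
        Console.WriteLine(AuthorizeUrl("example-key", "http://localhost", New String() {"contact_data"}, st))
        Console.WriteLine(CodeFromRedirect("http://localhost/?code=EXAMPLE-CODE&state=" & st, st))
        Console.WriteLine(BasicHeader("example-key", "example-secret"))
        Console.WriteLine(BearerHeader("EXAMPLE-ACCESS-TOKEN"))
    End Sub
End Module
```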
