Access Token Information Not Working

SOLVED
Go to solution
AvromFinkelsteinF
Campaign Collaborator

I was testing the new authorization service and I was calling the API to get the access token information using:

 

https://api.cc.email/v3/token_info

See

https://v3.developer.constantcontact.com/api_reference/index.html#!/Access_Token_Information/postAut...

 

I get the following error back:

[ { "error_key": "token.invalid", "error_message": "Invalid access token" } ]

However, the token I was testing is valid.

 

I know it is valid since it works with other API calls.

 

Testing it from the above link from the documentation produces the same results.

1 ACCEPTED SOLUTION
Courtney_E
Employee
0 Votes

Hello AvromFinkelsteinF,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

The existing Access Token Endpoint that's referenced within our documentation is only configured to work with our old authorization management service's keys and token sets. It will not work with the new token format of applications/keys that have been updated/created to use the new authentication flows. While this is not yet notated within the documentation, we are working to get it updated.

 

Our new OAuth2 flows utilize Access Tokens that are in JWT format. JSON Web Tokens (JWT) are a compact and self-contained way for securely transmitting information between parties as a JSON object. 

 

There are many 3rd party JWT Decoder Tools available online that allow you to view the scopes/permissions granted to the access token (examples below), but you can also find instructions online regarding how to  to get that information programmatically.

 

[3rd party resource] Some JWT Decoder Tool Examples:

https://jwt.io/#debugger-io

https://developer.pingidentity.com/en/tools/jwt-decoder.html

 

[3rd party resource] Decode JWT token in Java Example:

https://www.lenar.io/how-to-decode-jwt-authentication-token/

**We can't specifically recommend or express preference in regards to third party integrations, plugins, services, or resources, as they are not built or supported by Constant Contact, so all/any 3rd party resources referenced within this communication are meant to be used expressly for the purpose of providing examples to better illustrate proposed solutions.

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

View solution in original post

2 REPLIES 2
Courtney_E
Employee
0 Votes

Hello AvromFinkelsteinF,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

The existing Access Token Endpoint that's referenced within our documentation is only configured to work with our old authorization management service's keys and token sets. It will not work with the new token format of applications/keys that have been updated/created to use the new authentication flows. While this is not yet notated within the documentation, we are working to get it updated.

 

Our new OAuth2 flows utilize Access Tokens that are in JWT format. JSON Web Tokens (JWT) are a compact and self-contained way for securely transmitting information between parties as a JSON object. 

 

There are many 3rd party JWT Decoder Tools available online that allow you to view the scopes/permissions granted to the access token (examples below), but you can also find instructions online regarding how to  to get that information programmatically.

 

[3rd party resource] Some JWT Decoder Tool Examples:

https://jwt.io/#debugger-io

https://developer.pingidentity.com/en/tools/jwt-decoder.html

 

[3rd party resource] Decode JWT token in Java Example:

https://www.lenar.io/how-to-decode-jwt-authentication-token/

**We can't specifically recommend or express preference in regards to third party integrations, plugins, services, or resources, as they are not built or supported by Constant Contact, so all/any 3rd party resources referenced within this communication are meant to be used expressly for the purpose of providing examples to better illustrate proposed solutions.

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
AvromFinkelsteinF
Campaign Collaborator
0 Votes

Thanks.

 

My main goal of calling that API endpoint was to check that the connection will work with a given access token. In that context, I was only checking if it returned a 200 OK status code.

Thus, any endpoint would serve that purpose. I switched over to using the Get user privileges endpoint.

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up