I was testing the new authorization service and I was calling the API to get the access token information using:
https://api.cc.email/v3/token_info
See
I get the following error back:
[ { "error_key": "token.invalid", "error_message": "Invalid access token" } ]
However, the token I was testing is valid.
I know it is valid since it works with other API calls.
Testing it from the above link from the documentation produces the same results.
Solved! Go to Solution.
Hello AvromFinkelsteinF,
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
The existing Access Token Endpoint that's referenced within our documentation is only configured to work with our old authorization management service's keys and token sets. It will not work with the new token format of applications/keys that have been updated/created to use the new authentication flows. While this is not yet notated within the documentation, we are working to get it updated.
Our new OAuth2 flows utilize Access Tokens that are in JWT format. JSON Web Tokens (JWT) are a compact and self-contained way for securely transmitting information between parties as a JSON object.
There are many 3rd party JWT Decoder Tools available online that allow you to view the scopes/permissions granted to the access token (examples below), but you can also find instructions online regarding how to to get that information programmatically.
[3rd party resource] Some JWT Decoder Tool Examples:
https://developer.pingidentity.com/en/tools/jwt-decoder.html
[3rd party resource] Decode JWT token in Java Example:
https://www.lenar.io/how-to-decode-jwt-authentication-token/
**We can't specifically recommend or express preference in regards to third party integrations, plugins, services, or resources, as they are not built or supported by Constant Contact, so all/any 3rd party resources referenced within this communication are meant to be used expressly for the purpose of providing examples to better illustrate proposed solutions.
Please have a look and let us know if you have any other questions!
Hello AvromFinkelsteinF,
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
The existing Access Token Endpoint that's referenced within our documentation is only configured to work with our old authorization management service's keys and token sets. It will not work with the new token format of applications/keys that have been updated/created to use the new authentication flows. While this is not yet notated within the documentation, we are working to get it updated.
Our new OAuth2 flows utilize Access Tokens that are in JWT format. JSON Web Tokens (JWT) are a compact and self-contained way for securely transmitting information between parties as a JSON object.
There are many 3rd party JWT Decoder Tools available online that allow you to view the scopes/permissions granted to the access token (examples below), but you can also find instructions online regarding how to to get that information programmatically.
[3rd party resource] Some JWT Decoder Tool Examples:
https://developer.pingidentity.com/en/tools/jwt-decoder.html
[3rd party resource] Decode JWT token in Java Example:
https://www.lenar.io/how-to-decode-jwt-authentication-token/
**We can't specifically recommend or express preference in regards to third party integrations, plugins, services, or resources, as they are not built or supported by Constant Contact, so all/any 3rd party resources referenced within this communication are meant to be used expressly for the purpose of providing examples to better illustrate proposed solutions.
Please have a look and let us know if you have any other questions!
Thanks.
My main goal of calling that API endpoint was to check that the connection will work with a given access token. In that context, I was only checking if it returned a 200 OK status code.
Thus, any endpoint would serve that purpose. I switched over to using the Get user privileges endpoint.
Announcements
Join our list to be notified of new features and updates to our V3 API.
Sign Up