Maybe I'm missing something, but I don't understand how the OAuth flow works when adding contacts to a list from an "Email Signup" form on a website, where the user obviously doesn't have access to the Constant Contact account. The API method I'm looking at is here: https://v3.developer.constantcontact.com/api_guide/contacts_create_or_update.html
OAuth authentication just doesn't make sense in this scenario.
I am looking for this exact issue as well and I can't see how it is possible.
I spent a lot of time on this, and it doesn't appear that non-interactive OAuth is possible with the v3 API. It renders their API useless for server-to-server applications.
I basically asked the same question about a week ago (see here), and I have received no replies. I am beginning to doubt the helpfulness of this forum.
Hello MaggieS418,
Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.
When adding contacts to a list from a custom sign-up form app, the "user" referred to in the OAuth Server Flow would be the owner of the website who is setting up the form, as opposed to the contacts filling out the form. The owner of the website (and Constant Contact account) would grant the app access to their account during the initial setup of the form, after which the app would use step 5 of the Server Flow to exchange its Refresh Token for a new pair of tokens whenever the Access Token expires, without the owner needing to log in again.
V3 API OAuth2.0 Server Flow
https://developer.constantcontact.com/api_guide/server_flow.html
V3 API Token Overview
https://developer.constantcontact.com/api_guide/auth_overview.html#tokens
Same problem here.
In V2 of the API
We have a simple HTML/PHP signup form on a basic landing page
that brings us to v3... :(. . .
I think you are right, so far it has proven impossible to accomplish the simple task of
"adding 1 user to a specific list with some custom fields"
Other problems we ran into:
Our Conclusion:
V3 does not work for adding 1 contact to a list after they fill out a form.
Ergo: Our solution was and still is to use v2
(or switch to another platform that has a working API, which seems rude/inappropriate to talk about any further in this forum)
Sorry... but you are not alone!
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
While V2 API Access tokens are valid for 10 years, V3 Access tokens automatically expire two hours after their last use, with a maximum lifetime of twenty-four hours. This ensures a higher level of security for the connection. The V3 refresh token does not expire unless it is used or a new refresh token has been generated. Refresh tokens can only be used once, as generating a new set of tokens causes all previous tokens to expire.
You will need to set the access token and the refresh token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to those variables to maintain an authenticated connection.
V3 API - Refresh the Access Token
https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-5-refresh-the-access-token
How to Make Access Tokens Last Longer
https://developer.constantcontact.com/api_guide/faqs_manage_applications.html
You can use the POST /contacts/sign_up_form endpoint to add a new contact to an account or update an existing contact based on their email address.
Create or Update a Contact
https://v3.developer.constantcontact.com/api_guide/contacts_create_or_update.html
The request for V3 application code samples is currently under review. However, we're currently still adding endpoints and capabilities to the V3 API, and do not plan to publish official SDKs or sample apps until that process is complete. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.
In the meantime, here are the example calls that are currently available for V3:
V3 Code Samples:
https://v3.developer.constantcontact.com/api_guide/tag_code_samples.html
Instead of OAuth2, the CC API developers should consider OAuthX, the latest version, which has 38 steps instead of 5. It is way more secure than OAuth2 and so totally worth it, and developers really don't mind the extra 33 steps.
Seriously though, the CC v3 API makes ZERO sense. I have spent hours on this and gotten nowhere. The premise that there is a landing page is nonsensical. What developers want is simple server-server communication like https://api.cc.com/update_contact?id=1423&phone=7775554444&api_key=52165362
That's all there is to it. Get your api key. Make calls.
Duh.
Hello DaveY53,
At this time, there is no way to bypass the Authorization Request screen for the V3 API and it must be accessed via a browser window, but you should only need to authorize an account once; after that you’ll use step 5 of the V3 API OAuth Server Flow to get a new set of tokens to maintain an authenticated connection.
To get started with the V3 API, you’ll want to start by going through the V3 API OAuth Server Flow. Please note, after step 1, you should set up step 4 before proceeding, because the authorization code from steps 2 and 3 only has a lifespan of 60 seconds.
V3 API OAuth2.0 Server Flow
https://v3.developer.constantcontact.com/api_guide/server_flow.html
Tokens Overview
https://developer.constantcontact.com/api_guide/auth_overview.html#tokens
Once you have your first set of tokens, you’ll want to set the access token and the refresh token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to those variables to maintain an authenticated connection.
You can either have the application refresh the tokens on a timer based on the life of the access token, or you can have each submission check to see if the access token is still active, and then use the refresh token to generate a new set of tokens if not.
V3 API - Refresh the Access Token
https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-5-refresh-the-access-token
How to Make Access Tokens Last Longer
https://developer.constantcontact.com/api_guide/faqs_manage_applications.html
Please have a look and let us know if you have any other questions!
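The token handling described in the support replies above (tokens kept in application variables, a refresh when the access token is no longer active, single-use refresh tokens) can be sketched as follows. This is an added example, not part of the thread and not Constant Contact code. `TokenStore`, the `exchange` callable (a stand-in for the step 5 HTTP request documented in the linked Server Flow guide), the JSON file and the 60-second `SKEW` margin are assumptions.

```python
import json, os, tempfile, threading, time

IDLE_TTL = 2 * 3600   # thread: access token expires two hours after its last use
MAX_TTL = 24 * 3600   # thread: maximum access-token lifetime of twenty-four hours
SKEW = 60             # assumption: refresh one minute before either limit

class TokenStore:
    """Persists the current token pair; each refresh token is used exactly once."""

    def __init__(self, path, exchange, clock=time.time):
        self.path, self.exchange, self.clock = path, exchange, clock
        self.lock = threading.Lock()  # one refresh at a time (this process only)

    def _save(self, state):
        # mkstemp creates the file owner-only (0600); the rename is atomic, so
        # a crash never leaves a half-written file holding the only valid token.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fh:
            json.dump(state, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.path)

    def seed(self, access, refresh):
        # Called once, after the account owner's one-time browser authorization.
        now = self.clock()
        self._save({"access": access, "refresh": refresh,
                    "issued": now, "last_used": now})

    def access_token(self):
        with self.lock:
            with open(self.path) as fh:
                s = json.load(fh)
            now = self.clock()
            stale = (now - s["last_used"] > IDLE_TTL - SKEW
                     or now - s["issued"] > MAX_TTL - SKEW)
            if stale:
                # Step 5: the old pair is dead once this call succeeds, so the
                # new refresh token is written to disk before anything else.
                access, refresh = self.exchange(s["refresh"])
                s = {"access": access, "refresh": refresh, "issued": now}
            s["last_used"] = now
            self._save(s)
            return s["access"]

if __name__ == "__main__":
    # Constructed demo: a stand-in exchange instead of the real step 5 request.
    path = os.path.join(tempfile.mkdtemp(), "tokens.json")
    store = TokenStore(path, lambda rt: ("access-2", "refresh-2"))
    store.seed("access-1", "refresh-1")
    print(store.access_token())
```

The lock only serializes refreshes inside one process; a form handler running as several worker processes would need a file or database lock around the same section, because a second worker presenting the already-used refresh token would fail.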
You see all the references you are making to the 5 steps? That is way more complicated than it needs to be. Please consider switching to a simpler API, where all a developer needs to do is get an api key. Then the developer can make calls like
https://api.cc.com/update_contact?id=1423&phone=7775554444&api_key=52165362
It really can be this simple! E.g. Google Maps API works exactly like this.
Hello RickS015,
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
While our familiarity with any other party's API is limited, the Google Maps API appears to only involve access to the Maps platform, not to any user's personal account data (saved places, timeline, etc). This is a key difference from our V3 API, which does allow access to our clients’ account data.
The OAuth flow we use allows the Constant Contact account owner to review the types of data and functionality that your application is requesting (scopes), prior to granting access, as the developer of an app is not necessarily the owner of the Constant Contact account’s resources that they are accessing.
Our API is designed to protect both our users, and their contacts, from having their data compromised. Short-lived access tokens allow Constant Contact to handle credentials in a secure way. By eliminating basic authentication and using access tokens with a limited lifespan, it decreases the risk and impact of compromised credentials.
Please let us know if you have any other questions! You can also reach our team directly via email at webservices@constantcontact.com
Hello DaveY53,
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.
We're currently making updates to our authentication system. This work would need to be completed prior to implementing additional authentication flows; however, we are looking into them as future options. Some of the options currently under consideration include: Client Credentials flow, the Device Authorization flow, static refresh tokens, etc.
If you have a specific use case or auth type that you feel would better meet your needs, we’d love to hear from you. If possible, please include what specific solution(s) you’re looking for, whether your app would only access your own Constant Contact’s account data or if it would also be used by other accounts, etc. You can reply here, or contact us directly via email at webservices@constantcontact.com .