Cross-Origin Request Blocked: (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)


I am attempting to add contacts using the new v3 api built in python and then passed to react through graphql

constant_contact_auth_url ={client_id}&redirect_uri=redirect_uri}&response_type={response_type}&code_challenge={code_challenge}&code_challenge_method=S256&state={state}&scope=account_read+account_update+contact_data+campaign_data"

 in react using






but whenever I hit that url, I am given the error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <url above>" ... and upon writing this, I noticed that the url had "v1" in it, though I had copied it from the documentation here so, I went and tried it with "v3" in the url instead and also other url I found in other documentation with, "" in place of, "" just doesn't do anything, I get no response. I know I am supposed to get a prompt for the user to Allow/Deny access though I can't even get to that prompt because apparently I am being blocked


0 Votes

Hello ScottH793,


Thank you for reaching out to Constant Contact API Developer Support. 


While our expertise is with our API itself as opposed to its implementation within any particular programming language, we are happy to answer any questions pertaining to Constant Contact’s API endpoints, functionality, and documentation.


You can bypass cross-domain request issues by using the Authorization Code Flow instead and making your calls directly from the server, which securely stores your client secret.


OAuth2 Authorization Code Flow


However, if you do want to continue using the PKCE flow from the client-side, please note that when making requests to the /authorize endpoint, the browser (user agent) should be redirected to the endpoint. You can't use AJAX with this endpoint.


Additionally, here are some 3rd party* resources I found that may provide some additional insight:


[3rd party* reference:] Cross-Origin Resource Sharing (CORS)


[3rd party* forum post:] “CORS error when posting to /oauth2/token”


[3rd party* forum post:] “Authorization Code Grant blocked by CORS policy”


(*We can't specifically recommend or express preference in regards to third party integrations, plugins, services, or resources, as they are not built or supported by Constant Contact, so all/any 3rd party resources referenced within this communication are meant to be used expressly for the purpose of providing examples to better illustrate proposed solutions.)


Please have a look and let us know if you have any other questions!



Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Developer Portal

View API documentation, code samples, get your API key.

Visit Page


API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up