Community Home
Resources
Events & Webinars
Learn
Groups
Product Ideas
Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!
Join

Custom signup form with API V3

JoscelynW
Campaign Contributor
‎11-19-2020 06:33 PM
0 Votes
‎11-19-2020 06:33 PM

Hello,

I'm trying to add contacts via a custom form (not a standard CC form) on a website, but don't want the user to have to take any other actions other than submitting the form. Is this possible?

 

I'm able to add a contact using the server flow, but only after I've logged in and that won't work for anonymous users visiting the website that want to just sign up.

 

I need to use a custom form because I'm doing things on my end with a database that stores data being used in a CC custom field that gets sent along with the contact information when the contact is created.

 

All I've found is outdated methods that don't work.

 

Thank you

4 REPLIES 4
JoscelynW
Campaign Contributor
‎11-20-2020 03:21 PM
‎11-20-2020 03:21 PM

I've got it working, but my only issue is refreshing the token after expiration without granting permission again, either 2 hours after use or 24 hours without being used.

 

If I generate it initially, then keep submitting the form it works fine, but that's not realistic.

 

Can I run a cron job to somehow keep the token alive?

Courtney_E
Moderator
Moderator
‎04-16-2021 04:08 PM
In response to JoscelynW
0 Votes
‎04-16-2021 04:08 PM

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

Using cron is not the best solution, as the token still has a maximum lifespan of 24 hours, at which point it will expire even if it's been used recently. The best method would be to refresh the access token by using step 5 of the OAuth2.0 Server Flow, which doesn't involve granting permission again:

 

Refresh an access token by sending a POST request to the https://idfed.constantcontact.com/as/token.oauth2 authorization endpoint with the refresh_token and grant_type query parameters. This allows you to obtain a new access token and a new refresh token without having to prompt the user to reauthenticate with Constant Contact.
https://v3.developer.constantcontact.com/api_guide/server_flow.html
https://developer.constantcontact.com/api_guide/auth_overview.html#tokens


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
igvinc
Constant Contact Partner
Constant Contact Partner
‎06-18-2021 05:19 PM
0 Votes
‎06-18-2021 05:19 PM

I want to double check here...

 

Is the following statement true or false:

Every time we have a custom form on our website get filled out with a box checked "sign up for mailing list" we ALSO have to obtain a new access token and a new refresh token, store those tokens in a database, use them for the next request, over and over, forcing us to save data on our server (in a DB for example) with a new access token and a new refresh token for every user that fills out our contact form.

 

Or, is this statement true:

Once we generate our first access token we can just use it, saving only that into a PHP var, manually, and then use it to get a new "refresh" token

Courtney_E
Moderator
Moderator
‎06-22-2021 05:29 PM
In response to igvinc
0 Votes
‎06-22-2021 05:29 PM

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

In your application, you should only need to store the most recent set of tokens, but you will need to request a new set of tokens each time the previous access token has expired. It is not necessary to store old tokens that have already been used.

 

Access tokens automatically expire two hours after their last use, with a maximum lifetime of twenty-four hours, while the refresh token only expires once used, or if a new refresh token is generated. When you’re running your application, you’ll need to check if the access token has expired, and if so, use the refresh token to generate a new set of tokens, but you should only need to store the most recent set of tokens.

 

V3 API OAuth2.0 Server Flow
https://v3.developer.constantcontact.com/api_guide/server_flow.html

Tokens Overview
https://developer.constantcontact.com/api_guide/auth_overview.html#tokens

 

How to Make Access Tokens Last Longer
https://developer.constantcontact.com/api_guide/faqs_manage_applications.html


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up