Community Home
Resources
Events & Webinars
Learn
Groups
Product Ideas
Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!
Join

Expired Refresh Token

BobB692
Constant Contact Partner
Constant Contact Partner
‎04-21-2020 12:46 PM
0 Votes
‎04-21-2020 12:46 PM

I was researching why my Refresh Token keeps expiring and found this post: https://community.constantcontact.com/t5/Developer-Support-ask-questions/Refresh-Token/m-p/332029

Based on the information found there, am I to assume that you only allow one Constant Contact account authentication via an api?

Meaning, if I had 2 separate sites that used a custom solution to validate an account and each site used the same Constant Contact account, that the Refresh Tokens would keep canceling each other out?

If true, this behavior seems rather odd.

Please confirm.

--
"I'd love to change the world, but they won't give me the source code."

Bob Brock
Owner / Lead Developer, River Media
3 REPLIES 3
Jimmy_D
Employee
Employee
‎04-21-2020 05:44 PM
0 Votes
‎04-21-2020 05:44 PM

Hi @BobB692,

 

This is correct; the scenario you have outlined to use the same account on multiple sites is something we are looking in to for future development and do not currently have an ETA on.


Regards,
Jimmy D.
Tier II API Support Engineer
BobB692
Constant Contact Partner
Constant Contact Partner
‎04-21-2020 06:32 PM
In response to Jimmy_D
‎04-21-2020 06:32 PM

Thanks for the quick response.

Does this restriction exist at the Account level or per API Key (token)?

 

Meaning, what if I used a different API Key and Client Secret to authenticate the same account on different sites?

Would that work? Or does the same restriction apply?

 

The reason I am asking is for development purposes only. I have several sites set up for testing and I keep getting the error of invalid 'refresh_token' even though I am sure I did not re-authenticate elsewhere.

--
"I'd love to change the world, but they won't give me the source code."

Bob Brock
Owner / Lead Developer, River Media
Jimmy_D
Employee
Employee
‎05-06-2020 01:38 PM
In response to BobB692
‎05-06-2020 01:38 PM

Hi @BobB692,

 

The Access/Refresh Tokens do have a link between the API Key that generated them and the account that authorized them. If you were to create a new API Key and go through the oAuth flow it should generate a completely different set of Access/Refresh Tokens that do not interfere with the first set.


Regards,
Jimmy D.
Tier II API Support Engineer
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up