I have an app where I want to create each user who signs up on the platform as a contact on the ConstantContact. I am looking to create contact from the backend NodeJS, without OAuth flow. But I haven't found any document for the REST API to create a contact with just API key and Secret key. Please advise or point to the document that helps me address the problem.
Currently you must go through the oAuth flow. We are looking in to other options; however at this time those other options have not been released.
Do you mean each user on the app platform needs to have an account on constantcontact for them to grant access to the platform for oAuth flow?
You haven't provided a great description of your app platform, but I'm guessing that those users will end up becoming contacts in the Constant Contact account, so no those people do not need a CTCT account and do not need to grant access.
Only the owner of the Constant Contact that will be adding the contacts needs to grant access.
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
API connections that use basic authentication to access the account via your username and password are no longer considered a secure enough option to protect our customers' data. Our current V3 API uses OAuth2.0, which is the current industry-standard for authorization.
OAuth2.0 is more secure and does a much better job of keeping your Constant Contact account data safe. Additionally, when you give their integration permission to access your account, it will show you exactly which permissions the integration is requesting to be granted (rather than just granting all permissions). V3 also uses tokens that are continuously refreshed to keep the connection encrypted and secure.
We know the authorization process for V3 can seem a little daunting when first getting started, but you should be able to fully automate your integration with the exception of the initial Authorization Request screen and redirect, which can only be accessed/authorized via a browser window and cannot be bypassed, but you should only need to authorize your account once (grant permission and exchange auth code for first token set). After the initial connection, your application will use the access token to make calls, and the refresh token to generate a new token set once the access token expires (24 hours).
While our expertise is with our API itself as opposed to its implementation within any particular programming language, we are happy to answer any questions pertaining to Constant Contact’s API endpoints, functionality, and documentation. If you need any help getting getting started with authorization, feel free to reach out to our team directly by email at email@example.com and reference case #30543383.
Otherwise, if you have a specific use case or OAuth flow that you feel would better meet your needs, we’d love to hear from you. If possible, please include what specific solution(s) you’re looking for, whether your app would only access your own Constant Contact’s account data or if it would also be used by other accounts, and whatever other specific use case details you are able to provide. These details allow our developer team to consider whether your request is a good fit for future development. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.
Please have a look and let us know if you have any other questions!