Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!

How to make simple API call to post an email?

ericg5327
Rookie

I've scanned through the v3 API docs a number of times but the authentication flows don't really seem to fit my very simple use case. The docs reference a "redirect URI" and "granting access to an application", but in this case I am the user / application and I just want to insert an email into Constant Contact via API call.

 

I have an email (received via form on my site) and I simply want to make a POST request to add this email to constant contact.

 

I have my API key and a secret, so can anyone tell me (or better yet, post a code snippet) the way to format an HTTP call to post an email? The part I seem to be stuck on is generating the access token.

 

Can I generate an access token once to be used at my server to authenticate calls to the CC API?

 

Thank you.

8 REPLIES 8
Jimmy_D
Employee
0 Votes

Hello @ericg5327,

 

Thank you for reaching out to Constant Contact's API Support.

 

You mention that you are stuck on generating the Access Token. When using our v3 API you do need to go through the oAuth flow, either client or server, to generate an Access Token. Even if you are the user this process is still required. The Access Token is what identifies which Constant Contact account you want to send data to and receive data from.

 

Once you have established that portion of your program you can then create your email. You can see a code sample of a POST on this page.


Regards,
Jimmy D.
Tier II API Support Engineer
DonnaH072
Campaign Collaborator
0 Votes

I am looking to do the same thing.  The link you gave on how to setup authorization is very ambiguous.  For example, I am going through the client route (request to the API will be coming from JS).  The page says I need to send an authorization request, but where do you send this request to?  There is no URL referenced.  Also, when you try Googling anything related to Constant Contact's API, you get a bunch of links that reference the V2 build.

DonnaH072
Campaign Collaborator
0 Votes

This is what my current request looks like with jQuery's ajax() method:

 

type: 'POST',
url: 'https://api.cc.email/v3/contacts',
beforeSend: function(request) {
request.setRequestHeader('Authorization', 'Bearer {access_token}');
request.setRequestHeader('Postman-Token', 'akdslfjasf-adfkdf-42d-924-e9843168744');
request.setRequestHeader('Content-Type', 'application/json');
request.setRequestHeader('Accept', '*/*');
request.setRequestHeader('cache-control', 'no-cache');
},
data: {
email_address: {
address: 'sandman@gmail.com'
}
},

 

For the headers, I copied what was listed in the example at https://v3.developer.constantcontact.com/api_guide/email_campaign_create.html?_ga=2.235470849.128746....

 

For the "Postman-Token" header, I am using the "API Key" value associated with my registered app.  From the sounds of it, it seems this isn't enough.  I need to first hit an authorization server which should then return another token, but the article you linked to doesn't provide enough info on how to do this.

David_B.
Employee
0 Votes

Hello,

 

There doesn't need to actually be any Postman token in your calls. For details on our server flow, see: https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

The short description is that to connect an app, you first will direct them to an authorization URL. This will take the user to a Constant Contact login page. After they log in, they are asked to allow your app access. After clicking allow, they are then redirected to your Redirect URI, with a code appended in a query parameter. Then you need to make a POST call passing along that code in order to get an Access Token and a Refresh Token.

 

Access Tokens have a limited timeframe they can be used, but when they expire you can use the Refresh token to get a new access token and refresh token to keep making calls.

 

The other thing I'll mention is that our API is looking for a JSON string of the body content. You may need to use something like JSON.stringify() on your data before submitting the request.

 

Please let us know if you have any other questions!

 

Regards,

David B.
Tier II API Support Engineer

DonnaH072
Campaign Collaborator

David, the crux of the original post and my post was that we're not working with users who are Constant Contact customers.  We have an input on our site that takes an e-mail and we want to add that e-mail to our account's contacts.  

 

Nowhere in this flow will anyone log into Constant Contact and then grant our app access to their account.  I am not sure how you got back to this thread with the OAuth description that's posted on the docs after the previous posts.

 

I am able to get the flow I described working, but it requires me to manually log into my Constant Contact account every 2 hours (tokens last for 2 hours) to get a new token and then use that in my call.  Is there a way to get a permanent token so I don't have to do this?  Is there an engineer from the dev team that can explain how you guys have designed the system to handle this use case?

 

This is a very straightforward process if we're using one of the competitor services to Constant Contact.  Why is it so difficult with Constant Contact?

Jimmy_D
Employee
0 Votes

Hi @DonnaH072,

 

The reason our oAuth was designed this way is for security reasons. If an Access Token is compromised it will expire in a relatively short amount of time so the potential "damage" that can be caused is minimal.

 

You are very close to using the oAuth flow how we intended it to work. You are manually getting a new Access Token every two hours. We actually intended for the Allow button to be clicked once, generate the first set of Access/Refresh Tokens, then store those tokens to be used.

 

When the Access Token expires (between two hours and twenty-four hours later) then you use the Refresh Token to generate a new Access/Refresh Token set, delete the old set and save this new set. This is the Step 5 in the server oAuth flow.


Regards,
Jimmy D.
Tier II API Support Engineer
SGA123
Rookie

Most all of the other apps we use, including mass mailers and sites like tdameritrade have a straight forward way of inserting a key into a web address as querystrings along with the api call and Wala!, you get a simple json response. It's obvious that you guys have not built this for organizations to do tasks such as move email data from internal servers to update their cc accounts. This is extremely disappointing and hinders our ability to integrate our data with our cc account data. Your app is made only for updating contacts via other users and not the customer who maintians the data. 

Courtney_E
Moderator
0 Votes

Hello SGA123,

_

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

_

API connections that use basic authentication to access the account via your username and password are no longer considered a secure enough option to protect our customers' data. Our current V3 API uses OAuth2.0, which is the current industry-standard for authorization.

_

OAuth2.0 is more secure and does a much better job of keeping your Constant Contact account data safe. Additionally, when you give their integration permission to access your account, it will show you exactly which permissions the integration is requesting to be granted (rather than just granting all permissions). V3 also uses tokens that are continuously refreshed to keep the connection encrypted and secure.

_

We know the authorization process for V3 can seem a little daunting when first getting started, but you should be able to fully automate your integration with the exception of the initial Authorization Request screen and redirect, which can only be accessed/authorized via a browser window and cannot be bypassed, but you should only need to authorize your account once (grant permission and exchange auth code for first token set). After the initial connection, your application will use the access token to make calls, and the refresh token to generate a new token set once the access token expires (24 hours).

_

While our expertise is with our API itself as opposed to its implementation within any particular programming language, we are happy to answer any questions pertaining to Constant Contact’s API endpoints, functionality, and documentation. If you need any help getting getting started with authorization, feel free to reach out to our team directly by email at webservices@constantcontact.com and reference case #30543345.

_

Otherwise, if you have a specific use case or OAuth flow that you feel would better meet your needs, we’d love to hear from you. If possible, please include what specific solution(s) you’re looking for, whether your app would only access your own Constant Contact’s account data or if it would also be used by other accounts, and whatever other specific use case details you are able to provide. These details allow our developer team to consider whether your request is a good fit for future development. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.

_

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up