Programmatic Access to v3 API without web sign in

EmmaH41
Campaign Expert

I'm looking to write a script to automate a few tasks with just a single connection with no user interaction.

 

I can generate the authorization url, and when I do Postman does show me the CC login prompt. However, I don't want to have to log in via a web page to grant access each time I run this script. I know with the v2 API there was a way to just use the access token given through the site along with the client id and secret, but there doesn't seem to be a way to do that in v3. I am fine even with having to use my user credentials to log in somewhere if I knew how to push those credentials within the script to receive the proper authorization code back. It doesn't make sense to try to generate a refresh token as I would have to store the new one somewhere each time I run this script (either scheduled or manually).

 

I thought it made more sense to do this with v3, since I assume that v2 will be deprecated at some point but otherwise this seems like it is more trouble than it's worth. I also don't understand why there is not a flow for this as it seems like a rather common thing to need to access the endpoints programmatically without needing a web interface.

9 REPLIES 9
AjayS62
Rookie
0 Votes

I am also interested in signing in without a web sign in. It does not make sense to me that I can't. I'm trying to manage my own contacts, list and email delivery via my own services, no UI.

Jimmy_D
Employee
0 Votes

Hello Everyone,

 

Thank you for reaching out to Constant Contact's API Support.

 

We are looking in to other options to authenticate. As of right now you will need to go through the oAuth flow listed in the v3 documentation to get the Access Token and Refresh Token. Please keep in mind the need to enter the Constant Constact username/password and clicking Allow/Deny only occurs once. After you do that you just need to track/save the Access and Refresh Tokens.


Regards,
Jimmy D.
Tier II API Support Engineer
ChrisE3168
Rookie
0 Votes

I am looking to do some of my own automation.  This would be a case where there is not a user, there is not a browser to allow the access.  OAuth2 is great when you have a user doing the work and using a browser.  When you do not have this, it does not work very well.

EmmaH41
Campaign Expert

This is the first time I've checked this thread in awhile. Disappointing they still have done nothing with this apparently, since it seems like a very common use case.

HitPredictor
Campaign Collaborator
0 Votes

Almost a year later and nothings changed.

LGFBNews_Main
Rookie
0 Votes

Anything with this issue? I've got same problem, our application uses api to create new contacts programatically, but now we can't do it with OAuth...

Courtney_E
Moderator
0 Votes

Hello EmmaH41,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

There is currently no way to bypass the initial Authorization Request screen, which can only be accessed/authorized via a browser window, but you should only need to authorize/connect an account once. 

 

After you complete the OAuth2 Authorization Code Flow for V3, Constant Contact returns an access token and refresh token. You can use access tokens to make requests using the V3 API, and you can use the refresh tokens to obtain new access tokens without any user input. This ensures that you only need to authenticate the account you’ll be connecting to once. After the initial authentication, you’ll just use the refresh token and access token to complete your future requests.

 

V3 OAuth2 Authorization Code Flow

https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

V3 OAuth2 Tokens Overview

https://developer.constantcontact.com/api_guide/auth_overview.html#get-the-access-token

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
user9863
Rookie
0 Votes

For this use-case why can't Constant Contact develop a flow in the developer portal that does the OAuth flow for us and presents us with an access token and long-lived refresh token so we can use it in our app? That would solve the problem for all of us.

 

We really shouldn't have to hand-roll an entire oauth flow just so that we can get the one refresh and access token that we will be needing for our automation.

Courtney_E
Moderator
0 Votes

Hello user9863,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

API connections that use basic authentication to access the account via your username and password are no longer considered a secure enough option to protect our customers' data. Our current V3 API uses OAuth2.0, which is the current industry-standard for authorization. 

 

OAuth2.0 is more secure and does a much better job of keeping your Constant Contact account data safe. Additionally, when you give their integration permission to access your account, it will show you exactly which permissions the integration is requesting to be granted (rather than just granting all permissions). V3 also uses tokens that are continuously refreshed to keep the connection encrypted and secure. 

 

We know the authorization process for V3 can seem a little daunting when first getting started, but you should be able to fully automate your integration with the exception of the initial Authorization Request screen and redirect, which can only be accessed/authorized via a browser window and cannot be bypassed, but you should only need to authorize your account once (grant permission and exchange auth code for first token set). After the initial connection, your application will use the access token to make calls, and the refresh token to generate a new token set once the access token expires (24 hours).

 

While our expertise is with our API itself as opposed to its implementation within any particular programming language, we are happy to answer any questions pertaining to Constant Contact’s API endpoints, functionality, and documentation. If you need any help getting started with authorization, feel free to reach out to our team directly by email at webservices@constantcontact.com. 

 

Otherwise, if you have a specific use case or OAuth flow that you feel would better meet your needs, we’d love to hear from you. If possible, please include what specific solution(s) you’re looking for, whether your app would only access your own Constant Contact’s account data or if it would also be used by other accounts, and whatever other specific use case details you are able to provide. These details allow our developer team to consider whether your request is a good fit for future development. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up

Polls
How confident are you about the effectiveness of your current marketing strategy?

Top Choice: Not confident at all (64%)