Community Home
Get Help
Events & Webinars
Ideas
Groups
Resources
MyRewards
 

Refresh token expiry

user770749
Rookie
‎04-17-2023 02:56 PM
0 Votes
‎04-17-2023 02:56 PM

I have integrated my application with Constant Contact using authorization code flow. After the authorization request and generating the authorization code i have created the access token and refresh token. Just want to know the expiry of refresh token because i want to use the refresh token to refresh access token. Can I reuse this always to refresh access token with going to authorization request or Authorization code 

3 REPLIES 3
Courtney_E
Employee
Employee
‎04-25-2023 03:15 PM
‎04-25-2023 03:15 PM

Hello user770749,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

When using the new OAuth2 flows that are available for V3 using our recently implemented authorization management service, the access token lifetime is now a static 24 hours, and you have the option of using rotating refresh tokens or long lived refresh tokens. 

 

Rotating refresh tokens can only be used once, and generating a new set of tokens causes all previous refresh tokens to expire, so each time you refresh the access token you will get a new refresh token value as well.

 

Long Lived Refresh Tokens (which can be configured within your V3 key’s settings), allow you to use the same refresh token continuously to generate new Access Tokens. You can use the same configuration as you would for the rotating refresh tokens if desired, you’ll just get back the same refresh token value each time when receiving your new access token.

 

Both types of refresh tokens must be used within 180 days of generation, after which they will expire. (If the long lived refresh token is used within that time frame, it will remain active and you can continue using the same value.) 

 

While we generally recommend using rotating refresh tokens (as they're more secure), using a long lived refresh token should alleviate many of the situations that we've seen reported where a refresh token becomes invalid, and then requires a new authorization request.

 

Please have a look and let us know if you have any other questions!

 

Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
LBobA54
Rookie
‎01-29-2024 01:28 PM
In response to Courtney_E
0 Votes
‎01-29-2024 01:28 PM

Where to we go to change the access token to Long Lived Refresh Tokens (which can be configured within your V3 key’s settings).  Where to we find the configuration settings?

John__B
Employee
Employee
‎02-21-2024 05:09 PM
In response to LBobA54
0 Votes
‎02-21-2024 05:09 PM

Hello LBobA54,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API. I apologize for the delay in our reply.

 

You can can modify your V3 API key’s Refresh Token settings with the following steps:

 

  • Login to the “My Applications” page of the Developer Portal at https://app.constantcontact.com/pages/dma/portal/
  • Click on the title of the key you wish to modify the settings for
  • Click the “OAuth2” tab of the key’s settings
  • Under the “Application OAuth2 Settings” section, you’ll see an option for Rotating or Long Lived Refresh Tokens. 

 

Please have a look and let us know if you have any other questions!

 

Regards,


John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up