Hello user770749,
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
When using the new OAuth2 flows that are available for V3 using our recently implemented authorization management service, the access token lifetime is now a static 24 hours, and you have the option of using rotating refresh tokens or long lived refresh tokens.
Rotating refresh tokens can only be used once, and generating a new set of tokens causes all previous refresh tokens to expire, so each time you refresh the access token you will get a new refresh token value as well.
Long Lived Refresh Tokens (which can be configured within your V3 key’s settings), allow you to use the same refresh token continuously to generate new Access Tokens. You can use the same configuration as you would for the rotating refresh tokens if desired, you’ll just get back the same refresh token value each time when receiving your new access token.
Both types of refresh tokens must be used within 180 days of generation, after which they will expire. (If the long lived refresh token is used within that time frame, it will remain active and you can continue using the same value.)
While we generally recommend using rotating refresh tokens (as they're more secure), using a long lived refresh token should alleviate many of the situations that we've seen reported where a refresh token becomes invalid, and then requires a new authorization request.
Please have a look and let us know if you have any other questions!
Regards,
Courtney E.
Tier II API Support Engineer
Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
