Stuck with Oauth2 V3 API

Occasional Participant

Using Rails and Oauth2, I am running into an error that says: "{"error_description":"Invalid client or client credentials","error":"invalid_client"}"


What is strange is that I'm able to generate the initial URL:


Takes me to the "XXX is requesting permission for the following: etc..." I see the name of the APP I created which leads me to think that the client id I am passing is correct.


I created my own strategy based off this:


I specified the following:


option :client_options, {
  site: '',
  token_url: '',
  authorize_url: '',
  grant_type: "authorization_code"
}

Any ideas on where to look? 



Hello @JamesC400,


Thank you for reaching out to Constant Contact's API Support.


That error means one of two things. Either the API Key you are using is invalid, which doesn't seem likely since you are able to generate your authorization code, or the authorization header you are using was not generated correctly.


In Steps 4 and 5 of the oAuth flow you need to include an authorization header that uses a Basic token, and the way you generate that is by putting your api_key and client_secret together separated by a : (colon), then base64 encoding that.


Here is an example of how the header would look if I were to be submitting a cURL command and encoded api_key:client_secret.


--header 'Authorization: Basic YXBpX2tleTpjbGllbnRfc2VjcmV0'

Jimmy D.
Tier II API Support Engineer
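
The header construction described in the reply above, as an added Ruby example (not code from the original posts or from Constant Contact): it builds the Basic value from api_key:client_secret and checks an existing header value for formatting mistakes that leave it malformed. The function names and the sample credentials are assumptions made for illustration.

```ruby
require "base64"

# Build the header value for the token request (steps 4 and 5 above).
# strict_encode64 emits no line breaks; Base64.encode64 inserts "\n" every
# 60 encoded characters and always appends one, which corrupts a header.
def basic_auth_header(api_key, client_secret)
  "Basic " + Base64.strict_encode64("#{api_key}:#{client_secret}")
end

# Return a list of problems found in an Authorization header value.
# An empty list means the value is well-formed; it does not prove the
# credentials themselves are valid. Secrets are never echoed back.
def diagnose_basic_header(value)
  scheme, token = value.split(" ", 2)
  return ["scheme is not 'Basic'"] unless scheme == "Basic"
  return ["no token after 'Basic'"] if token.nil? || token.empty?

  problems = []
  problems << "token contains whitespace or line breaks" if token =~ /\s/
  begin
    decoded = Base64.strict_decode64(token.gsub(/\s/, ""))
  rescue ArgumentError
    return problems << "token is not valid base64"
  end
  key, secret = decoded.split(":", 2)
  if secret.nil?
    problems << "decoded value has no ':' separator"
  else
    problems << "api_key is empty" if key.empty?
    problems << "client_secret is empty" if secret.empty?
    if [key, secret].any? { |part| part != part.strip }
      problems << "credential has leading or trailing whitespace"
    end
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample credentials, not real ones.
  key, secret = "api_key", "client_secret"
  puts basic_auth_header(key, secret)
  long_secret = "s" * 60   # long enough for encode64 to wrap
  bad = "Basic " + Base64.encode64("#{key}:#{long_secret}")
  p diagnose_basic_header(bad)
  p diagnose_basic_header(basic_auth_header(key + "\n", secret))
end
```

Run the check against the header your client actually sends, in a local session only, since the decoded value contains the client secret.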
Occasional Participant


Thanks for the response! You led me in the right direction. Turns out there was a typo while constructing the Authorization header on my end. 


Thanks a lot!

Occasional Participant

I have built an integration that was refreshing tokens every 30 minutes for 2 months, then yesterday it stopped working.


I get the same message: 

        "response": {
            "error_description": "Invalid client or client credentials",
            "error": "invalid_client"


In the code, I am setting the Authorization header:

'Authorization: Basic ' . base64_encode($request['api_key'] . ':' . $request['secret'])


When I check the API key in the API Reference it works. Also, I have triple checked the API Key and Secret. I am able to complete steps 1-4 of the workflow:


But step 5 is breaking... not sure what could be wrong.

Hi @WillH772,


I'm happy to check into this, but in order to do that I would need some information that is best kept private. I would suggest emailing us at webservices(at) and providing your API Key, Client Secret, and Redirect URI, so I can try to replicate.

Jimmy D.
Tier II API Support Engineer
Occasional Participant

Hello, I sent an email last Friday morning and have not received a response.
