Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!

Stuck with Oauth2 V3 API

JamesC400
Rookie
0 Votes

Using Rails and Oauth2, I am running into an error that says: "{"error_description":"Invalid client or client credentials","error":"invalid_client"}"

 

What is strange that I'm able to generate the initial URL:

https://idfed.constantcontact.com/as//authorization.oauth2?pfidpadapterid=ctctOAuth2IdpAdapter&scope...

 

Takes me to the "XXX is requesting permission for the following: etc..." I see the name of the APP I created which leads me to think that the client id I am passing is correct.

 

I created my own strategy based off this:

https://github.com/omniauth/omniauth-oauth2

 

I specified the following:

 

option :client_options, {
site: 'https://api.cc.email/v3/',
token_url: 'https://idfed.constantcontact.com/as/token.oauth2',
authorize_url: 'https://api.cc.email/v3/idfed',
grant_type: "authorization_code"
}

Any ideas on where to look? 

 

5 REPLIES 5
Jimmy_D
Employee
0 Votes

Hello @JamesC400,

 

Thank you for reaching out to Constant Contact's API Support.

 

That error means one of two things. Either the API Key you are using in invalid; which doesn't seem likely since you are able to generate your authorization code, or the authorization header you are using was not generated correctly.

 

In Steps 4 and 5 of the oAuth flow you need to include an authorization header that uses a Basic token and the way you generate that is by putting your api_key and client_secret together separated by a : (colon). Then base64 encoding that.

 

Here is an example of how the header would look if I were to be submitting a cURL command and encoded api_key:client_secret.

 

header 'Authorization: Basic YXBpX2tleTpjbGllbnRfc2VjcmV0'

Regards,
Jimmy D.
Tier II API Support Engineer
JamesC400
Rookie
0 Votes

Hi,

Thanks for the response! You led me in the right direction. Turns out there was a typo while constructing the Authorization header on my end. 

 

thanks a lot!

WillH772
Rookie
0 Votes

I have built an integration that was refreshing tokens every 30 minutes for 2 months, then yesterday it stopped working.

 

I get the same message: 

        "response": {
            "error_description": "Invalid client or client credentials",
            "error": "invalid_client"
        }

 

In the code, I am setting the Authorization header:

'Authorization: Basic ' . base64_encode($request['api_key'] . ':' . $request['secret'])

 

When I check the API key in the API Reference it works. Also, I have triple checked the API Key and Secret. I am able to complete steps 1-4 of the workflow: https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

But step 5 is breaking... not sure what could be wrong.

Jimmy_D
Employee
0 Votes

Hi @WillH772,

 

I'm happy to check in to this, but in order to do that I would need some information that is best kept private. I would suggest to email us at webservices(at)constantcontact.com and provide your API Key, Client Secret, and Redirect URI, so I can try to replicate.


Regards,
Jimmy D.
Tier II API Support Engineer
WillH772
Rookie
0 Votes

Hello, I sent an email last Friday morning and have not received a response.

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up