Due to a security vulnerability acknowledged by the OAuth community, Constant Contact is retracting support for OAuth Authentication. API adopters should adopt Basic Authentication over HTTPs.

We acknowledge and apologize for the impact this could have on developers currently building applications. We believe this action is in the best interests of our Constant Contact account holders and in the best interest of our API adopters (It appears likely that the security vulnerability will require coding changes on the part of both Constant Contact and any OAuth adopters. Since our OAuth implementation is quite new, few OAuth based implementations have been deployed - and hence it is our hope and belief that changing models now is the most expedient - and secure - approach).



If you are interested in more information on the nature of the OAuth security vulnerability, please see the OAuth security advisory, here.

Thanks,