The refresh token is invalid or expired. (400/BadRequest)

0 Votes

Hello Support Team!


We are in the process of integrating the CC v3 API with the systems of my company. A few months ago, I created a trial developer account via The moving pieces of the integration process are almost complete. And, everything was working as expected until last week.


That is, I have now started to get the error message “400/BadRequest{ "error": "invalid_grant", "error_description": "The refresh token is invalid or expired."}” when refreshing Access Token (with the POST endpoint (along with clinet_id, client_secret and refresh_token corresponding to the account) from Postman or other custom applications. The refresh_token is obtained from as query parameter of the Redirect URI (following


I have spent a fair amount of time trying to resolve the issue on my own with no success. May you please then help us resolve the issue? Thanks!


FYI - I created another app code flow in my account, but the error is still there. I can use my developer account in without an issue though. After the integration end-to-end testing is over (planned for this month), we will be using a paid account of the company. 

0 Votes

Hello TadK0,


Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.


It looks like we reached out to you via email regarding this issue to request some additional information in order to better assist with troubleshooting. If you still need assistance with this, please let us know! If you haven't received our reply, please let us know via email at, and reference case number 31686808.


Please have a look and let us know if you have any other questions!



John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
0 Votes

Thanks for the reply, John!


According to the guidelines in (Step 4: Get the Access Token and Refresh Token), "Authorization codes expire after 5 minutes (300 seconds).", but in reality they do expire in less than 5 minutes.


The workaround I used is to immediately perform Step 4, right after getting an authorization code in Step 3. This process has started to return me 200/OK response consisting of access_token and refresh_token. For example, in Postman, I received the response after I requested a POST with the Headers and Body as depicted in the screenshots below.




Therefore, you can close the case. Again, thanks for supporting!

Developer Portal

View API documentation, code samples, get your API key.

Visit Page


API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up