The refresh token is invalid or expired. (400/BadRequest)

TadK0
Rookie
0 Votes

Hello Support Team!

 

We are in the process of integrating the CC v3 API with the systems of my company. A few months ago, I created a trial developer account via https://developer.constantcontact.com/. The moving pieces of the integration process are almost complete. And, everything was working as expected until last week.

 

That is, I have now started to get the error message “400/BadRequest{ "error": "invalid_grant", "error_description": "The refresh token is invalid or expired."}” when refreshing Access Token (with the POST endpoint https://authz.constantcontact.com/oauth2/default/v1/token (along with clinet_id, client_secret and refresh_token corresponding to the account) from Postman or other custom applications. The refresh_token is obtained from as query parameter of the Redirect URI (following https://developer.constantcontact.com/api_guide/server_flow.html).

 

I have spent a fair amount of time trying to resolve the issue on my own with no success. May you please then help us resolve the issue? Thanks!

 

FYI - I created another app code flow in my account, but the error is still there. I can use my developer account in https://developer.constantcontact.com/api_reference without an issue though. After the integration end-to-end testing is over (planned for this month), we will be using a paid account of the company. 

2 REPLIES 2
John__B
Moderator
0 Votes

Hello TadK0,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

It looks like we reached out to you via email regarding this issue to request some additional information in order to better assist with troubleshooting. If you still need assistance with this, please let us know! If you haven't received our reply, please let us know via email at webservices@constantcontact.com, and reference case number 31686808.

 

Please have a look and let us know if you have any other questions!

 

Regards,


John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
TadK0
Rookie
0 Votes

Thanks for the reply, John!

 

According to the guidelines in https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-4-get-the-access-token-and-... (Step 4: Get the Access Token and Refresh Token), "Authorization codes expire after 5 minutes (300 seconds).", but in reality they do expire in less than 5 minutes.

TadK0_0-1698102875368.png

The workaround I used is to immediately perform Step 4, right after getting an authorization code in Step 3. This process has started to return me 200/OK response consisting of access_token and refresh_token. For example, in Postman, I received the response after I requested a POST with the Headers and Body as depicted in the screenshots below.

TadK0_1-1698102875375.png

 

TadK0_2-1698102875381.png

Therefore, you can close the case. Again, thanks for supporting!

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up