Join the Ready, Set, Send Challenge Week 3. Share your QR code or landing page and win a badge!

Unable to put dynamic url in redirect uri

user8916157
Rookie
0 Votes

 

Hey Team, I have a url which is dependent on the ID of a prticular field which is passed in the url. EX:
https://www.test.com/abc/1/settings/. The problem is with the id field in between which keeps changing according to the users. Its not possible to add so many ids. Can you please provide me a method or a usecase example so that I could make use of it in my application for constant contacts?

 

1 REPLY 1
Courtney_E
Moderator
0 Votes

Hello user8916157,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

While the wildcard option has been removed from the redirect URI at the domain root level in our V3 API's new authorization management service in order to improve security, there are still other options available as far as passing additional information via your authorization request.

 

Within the redirect URI itself,  the lowest level subdomain will still support wildcards.

 

Example Request URIs:

 

App Redirect URI: https://subdomain*.example.com/oidc/redirect

Auth request URL Redirect URI: https://subdomainvalue.example.com/oidc/redirect

 

App Redirect URI: https://*.example.com/oidc/redirect

Auth request URL Redirect URI: https://value.example.com/oidc/redirect

 

Alternately, the newly added state parameter can also be used to pass additional values through the Authorization Request URL.

 

Here are three ways that you might implement this, from least secure to most secure:

 

Option 1:

Use the additional value as the state value (least secure, directly exposes the additional value in the URL, and so isn't secure).

 

Option 2:

Base64 encode the additional values, and use that as the state value (more secure, but still not random, and can be decoded).

 

Option 3:

Come up with some formula to encode the additional values + a random value, which your program can decode when you get the response (fairly secure).

 

Option 4:

Use a completely random state value for each additional value, save it within your application before sending the request associated with that value, then use the state value to look up the additional value upon receiving the response (most secure).

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up