Got a 'How do I' question? Join our live 'Ask a Trainer' session happening now for instant help and pro tips!

Unauthorized to list contacts

0 Votes

HI trying to get started using the API for updating email addresses . If I use the validation tool I get this back for my access-token

{ "scopes": [ "contact_data" ] }
If I use that same token to access 
 I get the error.
StatusCode: 401, ReasonPhrase: 'Unauthorized'
When I look at the headers of the request it seems to say I am authenticated
Connection: keep-alive
  Date: Tue, 25 Jan 2022 20:51:44 GMT
  x-amzn-RequestId: 1eab5ca5-314e-441e-86b5-97642599164a
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key
  x-amzn-ErrorType: UnauthorizedException
  WWW-Authenticate: Bearer
  x-amz-apigw-id: MhRjKGfYIAMFkBA=
  Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,OPTIONS
  X-Cache: Error from cloudfront
  Via: 1.1 (CloudFront)
  X-Amz-Cf-Pop: SFO5-P1
  X-Amz-Cf-Id: SId7XD6JIfeMgs0Iy7bxDaDbq7rii1FVFf3N6vE1M2xTc4BdHcbgVg==
  Content-Type: application/json
  Content-Length: 59

how can I fix this error

0 Votes

Hello AndreaL3758,


Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.


A  401 unauthorized status code indicates that you are attempting to make an API call with an expired Access Token. Access Tokens automatically expire two hours (7,200 seconds) after their last use, and have a maximum lifetime of 24 hours (86,400 seconds).


Based on the API key connected to the account that you are posting from, it looks like you're using our Client Flow, which requires you to restart the authentication process each time that your Access Token expires. 


V3 API OAuth2.0 Client Flow


If you would prefer that your application be able to maintain a continuous authenticated connection, you’d want to instead utilize our Server Flow, which returns both an Access Token, as well as a Refresh token that you can use to generate a new token set once the initial access token expires.

Once you have your first set of tokens, you’ll want to set both the Access Token and the Refresh Token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to both of those variables to maintain an authenticated connection.


V3 API OAuth2.0 Server Flow


You can either have the application refresh the tokens on a timer based on the life of the access token, or you can have each submission check to see if the access token is still active, and then use the refresh token to generate a new set of tokens if not. 


How to Make Access Tokens Last Longer


Please have a look and let us know if you have any other questions!


Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Developer Portal

View API documentation, code samples, get your API key.

Visit Page


API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up

How confident are you about the effectiveness of your current marketing strategy?

Top Choice: Not confident at all (65%)