Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!

Unauthorized to list contacts

AndreaL3758
Rookie
0 Votes

HI trying to get started using the API for updating email addresses . If I use the validation tool I get this back for my access-token

{ "scopes": [ "contact_data" ] }
If I use that same token to access 
 I get the error.
StatusCode: 401, ReasonPhrase: 'Unauthorized'
When I look at the headers of the request it seems to say I am authenticated
 
Connection: keep-alive
  Date: Tue, 25 Jan 2022 20:51:44 GMT
  x-amzn-RequestId: 1eab5ca5-314e-441e-86b5-97642599164a
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key
  x-amzn-ErrorType: UnauthorizedException
  WWW-Authenticate: Bearer realm=api.cc.email
  x-amz-apigw-id: MhRjKGfYIAMFkBA=
  x-eig-tracking-id:
  Access-Control-Allow-Methods: GET,POST,PUT,DELETE,PATCH,OPTIONS
  X-Cache: Error from cloudfront
  Via: 1.1 518f46e79d9e7fee6a625c5924750956.cloudfront.net (CloudFront)
  X-Amz-Cf-Pop: SFO5-P1
  X-Amz-Cf-Id: SId7XD6JIfeMgs0Iy7bxDaDbq7rii1FVFf3N6vE1M2xTc4BdHcbgVg==
  Content-Type: application/json
  Content-Length: 59

how can I fix this error

1 REPLY 1
Courtney_E
Moderator
0 Votes

Hello AndreaL3758,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

A  401 unauthorized status code indicates that you are attempting to make an API call with an expired Access Token. Access Tokens automatically expire two hours (7,200 seconds) after their last use, and have a maximum lifetime of 24 hours (86,400 seconds).

 

Based on the API key connected to the account that you are posting from, it looks like you're using our Client Flow, which requires you to restart the authentication process each time that your Access Token expires. 

 

V3 API OAuth2.0 Client Flow

https://v3.developer.constantcontact.com/api_guide/client_flow.html

 

If you would prefer that your application be able to maintain a continuous authenticated connection, you’d want to instead utilize our Server Flow, which returns both an Access Token, as well as a Refresh token that you can use to generate a new token set once the initial access token expires.

Once you have your first set of tokens, you’ll want to set both the Access Token and the Refresh Token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to both of those variables to maintain an authenticated connection.

 

V3 API OAuth2.0 Server Flow

https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

You can either have the application refresh the tokens on a timer based on the life of the access token, or you can have each submission check to see if the access token is still active, and then use the refresh token to generate a new set of tokens if not. 

 

How to Make Access Tokens Last Longer

https://developer.constantcontact.com/api_guide/faqs_manage_applications.html

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up