I received a phone call from someone claiming to be from Constant Contact stating that there are required changes to implement for developers who integrate their applications with CC that are using the API 3.0.
They said they would follow up with an email outlining what changes needed to be made. They seemed to know quite a bit about our product.
Is this legit? And if so would you please point me to a link on your web site that discusses the changes that need to be made?
Thank you for reaching out to Constant Contact API Developer Support.
We appreciate your concerns for security, and have followed up directly via email to your original case #29711852, as well as with some detailed instructions in reply to your follow up inquiry (case #29726297), but I wanted to close the loop here as well.
Applications that integrate with Constant Contact must use the OAuth2 authorization protocol to securely authenticate a Constant Contact user account, and to be granted access to that user's data. To provide improved security, Constant Contact is now using a new authorization management service, and will be ending support for the previous service/keys on March 31, 2022.
This means that all new V3 API keys generated through the My Applications page within the Developer Portal (https://app.constantcontact.com/pages/dma/portal/) will not be compatible with applications/integrations/plugins that have not yet been updated by their developers. Additionally, if the developer does not update their application, existing API keys will no longer be supported by Constant Contact as of March 31, 2022.
For more details on updating your app, please visit our updated API Documentation Page:
V3 API - Update Your Applications to Use the New Authorization Service
Please have a look and let us know if you have any other questions! You can reply here, or follow up with us securely via email at firstname.lastname@example.org.