V3 API Oauth2 Server Flow

PaulY3933
Rookie
0 Votes

Hi,

We are trying to use the Constant Contact OAuth 2.0 Server Flow in order to add/update contacts to the corporation's account from a developer account using Constant Contact V3 API. 

We were following the instructions (https://v3.developer.constantcontact.com/api_guide/server_flow.html ) but found ourselves strangled with details.

Step 1, redirect_uri — Required.   What exactly is redirect_uri? Is it the content of the corporation account or some application needs to be setup separately?  What is the difference between the redirect_uri in this context comparing to the redirect_uri at setting "My Application"?  

Thanks for your helps.

3 REPLIES 3
Courtney_E
Employee
0 Votes

Hello PaulY3933,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

The redirect URI used when exchanging the Authorization code for a token set must match exactly both the redirect URI that was used in your Authorization Request URL, as well as the Redirect URI within your App Details for the key.

 

When a user goes to connect their Constant Contact account to your integration and clicks “Allow” on the Authorization Request screen to grant your app access to their data, they are sent to the website URL that you specify as your Redirect URI. After the account owner is successfully authenticated and authorizes your application, Constant Contact redirects the account owner to your chosen redirect_uri and appends the Authorization Code to the URL, allowing your application to capture it and exchange it for your initial token set.

 

Get the Token from the Redirect URL

https://v3.developer.constantcontact.com/api_guide/auth_overview.html#get-the-token-from-the-redirec...

 

Create an Authorization Request URL

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-1-create-an-authorization-r...

 

Please have a look and let us know if you have any other questions! 

 

You can also contact us directly via email at webservices@constantcontact.com if you have more  follow-up questions regarding the authentication process.

 


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
PaulY3933
Rookie
0 Votes

Thank you for your kind reply.  I am able to get the oauth2 server flow manually complete.  However, we are encounter another road blocker on Step 2, which requires human interaction to login/allow after the authorization request sent.  Since we are trying to use the api to do daily update to the contact list, this prompt for login prevent us from having an automatic process to get the code and access token.   Do you have any suggestion to get around it?  Thanks.

Courtney_E
Employee
0 Votes

Hello PaulY3933,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

There is currently no way to bypass the initial Authorization Request screen, which can only be accessed/authorized via a browser window, but you should only need to authorize an account once. 

 

After you complete the OAuth2 server flow for V3, Constant Contact returns an access token and refresh token. You can use access tokens to make requests using the V3 API, and you can use the refresh tokens to obtain new access tokens without any user input. This ensures that you only need to authenticate the account you’ll be connecting to once. After the initial authentication, you’ll just use the refresh token and access token to complete your future requests.

 

V3 API OAuth2.0 Server Flow

https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

Tokens Overview

https://developer.constantcontact.com/api_guide/auth_overview.html#tokens

 

While the V3 API’s access tokens automatically expire two hours after their last use and have a maximum lifetime of 24 hours, refresh tokens will not expire unless they have been used and/or a new token set has been generated. However, refresh tokens can only be used once, as generating a new set of tokens causes all previous tokens (access and refresh) to expire. 

 

Once you have your first set of tokens, you’ll want to set both the access token and the refresh token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to both of those variables to maintain an authenticated connection.

 

V3 API - Refresh the Access Token

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-5-refresh-the-access-token

 

You can either have the application refresh the tokens on a timer based on the life of the access token, or you can have each submission check to see if the access token is still active, and then use the refresh token to generate a new set of tokens if not. 

 

How to Make Access Tokens Last Longer

https://developer.constantcontact.com/api_guide/faqs_manage_applications.html

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up