V3 API: Retrieve the Authorization Code

SOLVED
Go to solution
CarolynG105
Campaign Collaborator

I'm trying to figure out how to retrieve the Authorization Code programmatically.

On the OAuth2.0 Server Flow -> Step 4 :  How do you login programmatically to get the Authorization code?

The URL takes you to a login page where you need to enter your user id and password.

 

https://api.cc.email/v3/idfed?client_id=#clientID&redirect_uri=https://localhost&response_type=code

 

https://v3.developer.constantcontact.com/api_guide/server_flow.html

1 ACCEPTED SOLUTION
Jimmy_D
Employee
0 Votes

Hello Everyone,

 

Just to answer a question that has not been answered by others in this thread.

 

The Refresh Token does not expire. It can be invalidated if you go through the full oAuth process again to create a new Access/Refresh Token. Once you generate the first pair of Access/Refresh Tokens as long as you only go through Step 5 which is the refresh flow then you will not have to worry about invalidating previously generated tokens.


Regards,
Jimmy D.
Tier II API Support Engineer

View solution in original post

10 REPLIES 10
raleighb3
Marketing Legend
0 Votes

if i understand your question correctly, the answer is this:   the first time you go through this process, the User must login manually in order to allow access.   Once they grant access, you receive both an Access Token and a Refresh Token.   That Refresh Token can be used as needed to to get another Access Token.  When the Refresh Token is used to get Access Token, no manual User action is necessary because your code can perform this function.

Hope that helps.

CarolynG105
Campaign Collaborator
0 Votes

Thanks for the reply.  Does the refresh token ever expire?  

 

This is what I'm trying to accomplish.

When a new user signs up on our website,  we are going to add them to Constant Contact.  The user that signed up on our website, does not know anything about Constant Contact.  

 

Thanks again.

raleighb3
Marketing Legend

i am uncertain as to if/when/how a Refresh Token expires, if ever.   but, you do receive a new Refresh Token each time you use a Refresh Token to obtain a new Access Token

.   

As stated in the CC docs:  "...Access tokens automatically expire two hours (7,200 seconds) after their last use. Access tokens have a maximum lifetime of 24 hours (86,400 seconds)...."

 

here is a helpful link to info on Tokens and even a good Refresh strategy:    https://v3.developer.constantcontact.com/api_guide/faqs_manage_applications.html

edit:   look under the "Make access tokens last longer?" topic on that link

Jimmy_D
Employee
0 Votes

Hello Everyone,

 

Just to answer a question that has not been answered by others in this thread.

 

The Refresh Token does not expire. It can be invalidated if you go through the full oAuth process again to create a new Access/Refresh Token. Once you generate the first pair of Access/Refresh Tokens as long as you only go through Step 5 which is the refresh flow then you will not have to worry about invalidating previously generated tokens.


Regards,
Jimmy D.
Tier II API Support Engineer
igvinc
Constant Contact Partner
0 Votes

Sorry to say, yes, the refresh_token does indeed expire.

 

Maybe you can make a simple HTML/PHP form with a video showing us what you are doing?

For example: 

  • Document how to add 1 user
  • to a specific list
  • with 2 custom fields
  • from a simple landing page with a custom form
  • with a hardcoded API Key, Secret and Token - that does not expire

 

Courtney_E
Moderator
0 Votes

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

The V3 refresh token does not expire unless it is used or a new refresh token has been generated. Refresh tokens can only be used once, as generating a new set of tokens causes all previous tokens to expire. 

 

You will need to set the access token and the refresh token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to those variables to maintain an authenticated connection.

 

V3 API - Refresh the Access Token

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-5-refresh-the-access-token

 

How to Make Access Tokens Last Longer

https://developer.constantcontact.com/api_guide/faqs_manage_applications.html

 

The request for V3 application code samples is currently under review. However, we're currently still adding endpoints and capabilities to the V3 API, and do not plan to publish official SDKs or sample apps until that process is complete. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.

 

In the meantime, here are the example calls that are currently available for V3:

 

V3 Code Samples:

https://v3.developer.constantcontact.com/api_guide/tag_code_samples.html


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
SeyiK9
Rookie
0 Votes

Please can someone from the engineering team please address this? It has been two years guys and this is clearly a functionality a lot of us developers want, If it is not possible the please say so. @raleighb3 worded it PERFECTLY and did not get a response so I will try again, "

   the first time you go through this process, the User must login manually in order to allow access.   Once they grant access, you receive both an Access Token and a Refresh Token.   That Refresh Token can be used as needed to to get another Access Token.  When the Refresh Token is used to get Access Token, no manual User action is necessary because your code can perform this function"  Is this correct PLEASE? 

Hope that helps.

Courtney_E
Moderator

Hello SeyiK9,

 

Thank you for reaching out to Constant Contact API Developer Support. 

 

When using the new OAuth2 flows that are available for V3 using our recently implemented authorization management service, the access token lifetime is now a static 24 hours, and you have the option of using rotating refresh tokens or long lived refresh tokens:

 

Rotating Refresh Tokens will not expire unless they have been used and/or a new token set has been generated. Rotating refresh tokens can only be used once, as generating a new set of tokens causes all previous refresh tokens to expire. 

 

Once you have your first set of tokens, you’ll want to set both the access token and the refresh token as values for corresponding variables in your application, so that when your program requests a new set of tokens it can assign new values to both of those variables to maintain an authenticated connection.

 

Long Lived Refresh Tokens (which can be configured within your V3 key’s settings), allow you to use the same refresh token continuously to generate new Access Tokens. You can use the same configuration as you would for the rotating refresh tokens if desired, you’ll just get back the same refresh token value each time when receiving your new access token.

 

Update Your Applications to Use the New Authorization Service

https://v3.developer.constantcontact.com/api_guide/auth_update_apps.html

 

While we generally recommend using rotating refresh tokens (as they're more secure), using a long lived refresh token should alleviate many of the situations that we've seen reported where a refresh token becomes invalid, and then requires a new authorization request.

 

Currently, the Long Lived Refresh Tokens are only compatible with our OAuth2 Authorization Code Flow, and must be used at least once every 180 days in order to remain valid.

 

OAuth2 Authorization Code Flow

https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Stacyw744
Campaign Collaborator

This question has been marked solved, but it's really not solved. 

 

If you have a website where users create accounts (a store or membership type site), it seems like you can't just add them to your Constant Contact list during the account create - it has to be done in a completely separate admin flow so the Constant Contact accountholder can authenticate and permit adding to the list.   

igvinc
Constant Contact Partner

Correct... sadly... so far we have the same problem:

impossible to "add 1 user to a specific list with some custom fields from a simple PHP landing page with a custom form"

 

Ergo: Not solved

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up