Wildcard deprecation

0 Votes



In the old version, the api allows a wildcard so that we can pass our own values. What is the alternative since wildcard is no longer allowed? The value that we pass are guids. These guids get generated when an account is created within our system. Thanks!




0 Votes

Hello RexT25,


Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.


While the wildcard option has been removed from the redirect URI in our V3 API's new authorization management service in order to improve security, the newly added state parameter can be used to pass additional values through the Authorization Request URL.


Here are three ways that you might implement this, from least secure to most secure:


Option 1:

Use the additional value as the state value (least secure, directly exposes the additional value in the URL, and so isn't secure).


Option 2:

Base64 encode the additional values, and use that as the state value (more secure, but still not random, and can be decoded).


Option 3:

Come up with some formula to encode the additional values + a random value, which your program can decode when you get the response (fairly secure).


Option 4:

Use a completely random state value for each additional value, save it within your application before sending the request associated with that value, then use the state value to look up the additional value upon receiving the response (most secure).


Please have a look and let us know if you have any other questions!


Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Developer Portal

View API documentation, code samples, get your API key.

Visit Page


API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up