authorization error

0 Votes

Hello!, I need to make a simple integration with Constant Contact to work.

I have an app registered:

I have a Mashery account:

[image removed for privacy]


and I generated an authorization token:



I have a simple PHP/CULR based function which collects the data and sends it to Constant contact, as described here>

The code is pretty simple:

$body = array(

            "email_address" => $email_address,

            "first_name" => $first_name,

            "last_name" => $last_name,




          $header[]="Content-Type: application/json";

            $header[]="Authorization: Bearer ".$token;

        $this->_log(json_encode($header),'Header: ');

        $this->_log(json_encode($body),'Request: ');

        $ch = curl_init("");

        curl_setopt($ch, CURLOPT_HTTPHEADER,$header);

        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        curl_setopt($ch, CURLOPT_POST, 1);

        curl_setopt($ch, CURLOPT_POSTFIELDS, $body);

        $server_output = curl_exec($ch);

        $this->_log($server_output,'Response: ');


And the output also looks ok:

2021-02-08 11:59:38
Header: : ["Content-Type: application\/json","Authorization: Bearer 7855b000-f840-4a1e-aac1-cfc545382905"]

2021-02-08 11:59:38
Request: : {"email_address":"","first_name":"Denes","last_name":" Szekely","list_memberships":["fc3464f2-9a6e-11ea-9a0f-d4ae52844390"]}

2021-02-08 11:59:38
Response: : {"error_key":"unauthorized","error_message":"Unauthorized"}

The Header and the body in the above log entry are JSON encoded for readability. My problem is that I am getting this Unauthorized error. I even tried to test my code on the link found on dev portal, and that worked. I am clueless now, and any help is greatly appreciated!

0 Votes

Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.


It looks like you are using the V3 API documentation and endpoints with a V2 API key and access token, which is likely the reason you are receiving an error. The app that you have registered in the Dev Portal should have your V3 API key, and the API endpoint tester at also accesses the V3 API key that was created. To resolve this, you’d want to use the V3 API OAuth2.0 Server Flow to authenticate the connection and generate an access token and refresh token. Those instructions below:


V3 OAuth2.0 Server Flow


For your privacy and security, we’ve removed the image of your V2 API Key and Client Secret that was included with your post, and have also revoked the token (the Client Secret was no longer secret). If you do need to use the V2 API, I’d recommend generating a new key. The V2 API keys generated through Mashery have a different authentication flow and endpoints than the V3 API.


V2 API Documentation


Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Developer Portal

View API documentation, code samples, get your API key.

Visit Page


API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up