v3 API and Postman OAuth

KatherineG1840
Constant Contact Partner
0 Votes

Does anyone have any examples on setting up the OAuth flow using postman? I've tried probably a dozen different ways to setup to process, and still come back to the same couple of errors.

Using these settings produces a vague "invalid_request" error:

JohnK1840_0-1644537675686.png


However using these settings gives this error:
Error: Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.

JohnK1840_1-1644537800425.png

 


Wondering if I am missing some really obvious detail.

1 REPLY 1
Aarron_G
Moderator

Hello @KatherineG1840,

 

Please note that Postman is not built or supported by Constant Contact, so we are limited in the support we can provide, but will try to answer any questions to the best of our ability.

 

The "invalid_request" error you're encountering when using the Implicit Flow is due to the lack of the required nonce parameter. Postman doesn't appear to offer a dedicated field for this parameter; I was able to find the following open feature request, asking them to add one: OAuth2 supporting a nonce for the auth URL. A workaround would be to manually append the nonce parameter to the authorization endpoint URL:
postman_oauth_implicit.png


Regarding the error you encountered when using the Authorization Code Flow, you'll notice that our token endpoint expects the authorization_code as a query parameter & your app's credentials in the Authorization header. Postman is sending the authorization_code in the request body, and I was unable to locate an option within Postman to send it as a query parameter instead.

 

I was able to successfully obtain an access token by switching Postman's Client Authentication option from "Send as Basic Auth header" to "Send client credentials in body", however this isn't a documented, supported method of using our token endpoint, so I can't guarantee this will always be a viable workaround. I'd recommend contacting Postman's support to check if they offer a way to send the authorization_code as a query parameter.

postman_oauth_authorization _code.png


Please let us know if you have any questions!

 

Regards,


Aarron G.
API Support Engineer
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up

Polls
How confident are you about the effectiveness of your current marketing strategy?

Top Choice: Not confident at all (61%)