We have taken many reports of developers having a hard time upgrading to Basic over HTTPS using the sample PHP code. Here is a breakdown of how to update your code. We have updated this post with new information based on our extensive testing of curl and php versions and servers. For more detailed information on these limitations, please see the end of this documentation.
There are 6 changes which need to be made to our old sample script (AddAContact.php and Contact.php) in order to make it work over Basic Authentication with HTTPS. The changes are as follows:
In both files,
Change: curl_setopt($session, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
To: curl_setopt($session, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
Change From: $request = "http://api.constantcontact.com/ws/customers/".CC_USERNAME."/contacts";
To: $request = "https://api.constantcontact.com/ws/customers/".CC_USERNAME."/contacts";
Change From: $request = "http://api.constantcontact.com/ws/customers/".$this->user_name."/lists";
To: $request = "https://api.constantcontact.com/ws/customers/".$this->user_name."/lists";
If you are still experiencing connectivity issues after these changes you may need to also do the following:
In both files,
Add the code: curl_setopt($session, CURLOPT_SSL_VERIFYPEER, 0);
Before: $response = curl_exec($session);
We have released a new and updated PHP example, as well as a new and udpated C#.NET example, here. These examples have been tested on multiple hosting platforms and are a great way to get started using our most updated API techniques.
We have found that if a server is not configured to automatically update their CA certificate cache or is using an older version of curl, the SSL Certificate verification process will fail. By using these additional settings, it will bypass the certificate authentication process.
Please note, this will only bypass certificate authentication for the Constant Contact API usage and is not a global setting on your servers. If you are able to fix your issues by making these changes to the certificate verification, this means that your server configuration is not set to automatically update your CA certificates used by curl to verify SSL connections. This is not something Constant Contact can assist with changing, this issue should be brought back to your web hosting service or your web admin for further trouble shooting.
For more information on this issue, please see this article on the curl developer site on the limitations on the default curl CA certificate verification process. This is in no way related to the Constant Contact API but to an actual limitation of the way curl verifies SSL certificates. We apologize for the confusion regarding this and the amount of time it took to find this limitation.
I am sorry to hear that your script has stopped functioning. You are correct in your assumption that this issue has not come back, and in fact there are no known errors in regards to your issue. I would like to help you out with this so please send an email to firstname.lastname@example.org and attach your AddAContact.php, Contact.php and any other files associated with this sign-up flow.
Support Engineer, Constant Contact