The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

401 Errors with AddAContact.php Example

Highlighted
Moderator

401 Errors with AddAContact.php Example

We have taken many reports of developers having a hard time upgrading to Basic over HTTPS using the sample PHP code.  Here is a breakdown of how to update your code.  We have updated this post with new information based on our extensive testing of curl and php versions and servers. For more detailed information on these limitations, please see the end of this documentation.


 


There are 6 changes which need to be made to our old sample script (AddAContact.php and Contact.php) in order to make it work over Basic Authentication with HTTPS.  The changes are as follows:

 




In both files,


Change: curl_setopt($session, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);


To: curl_setopt($session, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);


 


 


AddAContact.php:line 75


Change From: $request =  "http://api.constantcontact.com/ws/customers/".CC_USERNAME."/contacts";


To: $request =  "https://api.constantcontact.com/ws/customers/".CC_USERNAME."/contacts";


 


 


Contact.php:line 81


Change From: $request =  "http://api.constantcontact.com/ws/customers/".$this->user_name."/lists";


To: $request =  "https://api.constantcontact.com/ws/customers/".$this->user_name."/lists";


 


 


If you are still experiencing connectivity issues after these changes you may need to also do the following:


 


In both files,


Add the code: curl_setopt($session, CURLOPT_SSL_VERIFYPEER, 0);


Before: $response = curl_exec($session);


 




We have released a new and updated PHP example, as well as a new and udpated C#.NET example, here.  These examples have been tested on multiple hosting platforms and are a great way to get started using our most updated API techniques.


 


We have found that if a server is not configured to automatically update their CA certificate cache or is using an older version of curl, the SSL Certificate verification process will fail.  By using these additional settings, it will bypass the certificate authentication process.


 


Please note, this will only bypass certificate authentication for the Constant Contact API usage and is not a global setting on your servers.  If you are able to fix your issues by making these changes to the certificate verification, this means that your server configuration is not set to automatically update your CA certificates used by curl to verify SSL connections.  This is not something Constant Contact can assist with changing, this issue should be brought back to your web hosting service or your web admin for further trouble shooting.


 


For more information on this issue, please see this article on the curl developer site on the limitations on the default curl CA certificate verification process.  This is in no way related to the Constant Contact API but to an actual limitation of the way curl verifies SSL certificates.  We apologize for the confusion regarding this and the amount of time it took to find this limitation. 

Dave Berard
Senior Product Manager, Constant Contact
21 REPLIES 21
Highlighted
Participant

Sorry, Doesn't Work

Made the changes you outlined and it worked once but not again. I tried the same script on two different servers (two different clients) and got back the following:


Error Encountered!

There was an error trying to connect to the server.

Please go BACK and try again later.


and on the other one:


System Error Encountered!

Error

could not find valid list with the name generalinterest


Same exact script but with different accounts, usenames, passwords, keys.


Very strange that they would have different error messages??

Highlighted
Moderator

We have updated this post

We have updated this post with new information based on our extensive testing of curl and php versions and servers.  We have found that if a server is not configured to automatically update their CA certificate cache or is using an older version of curl, the SSL Certificate verification process will fail.  By using these additional settings, it will bypass the certificate authentication process.


 


Please note, this will only bypass certificate authentication for the Constant Contact API usage and is not a global setting on your servers.  If you are able to fix your issues by making these changes to the certificate verification, this means that your server configuration is not set to automatically update your CA certificates used by curl to verify SSL connections.  This is not something Constant Contact can assist with changing, this issue should be brought back to your web hosting service or your web admin for further trouble shooting.


 


For more information on this issue, please see this article on the curl developer site on the limitations on the default curl CA certificate verification process.  This is in no way related to the Constant Contact API but to an actual limitation of the way curl verifies SSL certificates.  We apologize for the confusion regarding this and the amount of time it took to find this limitation.  

Dave Berard
Senior Product Manager, Constant Contact
Highlighted
Participant

Thanks

Hi Dave,


Thanks for your hard work on this. Considering all the discrepencies (some work some don't) this makes sense. Luckily the clients that I have little control over their server configuration (ie. GoDaddy) seem to have updating the CS certificate enabled by default. My other clients are asking their hosting services about it right now - hopefully this will not be a big deal for them. I'll let you know how it goes.

Highlighted
Occasional Participant

Thanks!

These changes worked for me. I did not have to use the last one. I use godaddy.

Highlighted
Occasional Participant

change didn't work

This is the error I received.


Warning: curl_setopt(): supplied argument is not a valid cURL handle resource in /home/citysp5/public_html/instore/Contact.php on line 99


I've been in contact with my hosting company and they didn't really know what to make of changing the server configuration.  They use linux servers... inmotionhosting.com.


 

Highlighted
Moderator

What is line 99 on your

What is line 99 on your Contact.php file.  If you can give us that line, we can look in the php documentation to see what version of php/curl is required for the option to work.  There are many options that are not available in early versions of php 5.

Dave Berard
Senior Product Manager, Constant Contact
Highlighted
Occasional Participant

Line 99

Here is the php from contact.php line 99 is in bold   line 99 = (curl_setopt($session, CURLOPT_SSL_VERIFYPEER, 0);)


// Set up Basic authentication - username and password.

        $userNamePassword = $this->api_key."%".$this->user_name.":".$this->password;

        if (empty($this->api_key) || empty($this->user_name) || empty($this->password)) {

            $this->err_message  .= '<br />Missing or invalid user name or password or api key.';

            error_log(date('Y-m-d H:i:s') .

                               ' Error invlid user name or password or api key '.

                               "\n", 3, $this->log_file_name);           

        }

        curl_setopt($session, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

        curl_setopt($session, CURLOPT_USERPWD, $userNamePassword);

        curl_setopt($session, CURLOPT_FOLLOWLOCATION  ,1);

        curl_setopt($session, CURLOPT_GET, 1);

        curl_setopt($session, CURLOPT_HTTPHEADER, Array("Content-Type:application/atom+xml"));

        curl_setopt($session, CURLOPT_HEADER, 0);   // Do not return headers

        //don't send the response to browser

                 curl_setopt($session, CURLOPT_RETURNTRANSFER, 1);

        curl_setopt($session, CURLOPT_SSL_VERIFYPEER, 0);

        $response = curl_exec($session);

        curl_close($session);

Highlighted
Moderator

I have confirmed that that is

I have confirmed that that is a valid option for all versions of php 5.X.X.  The only limitation to that option is that it is not valid for any versions of curl prior to 7.10.  If you are using a version priot to 7.10 (it's worth noting that curl is now on 7.19.5), this would explain both your failure for sending information over SSL (curl 7.10 would have certificates that are over 3 years old by default) and why you can not use this option (it is not available in your version of curl).  


 


I would contact your web host to go over your version of curl, version of php and whether or not they have set up their server to run a cron job to update your CA certificates folder in curl for you.  

Dave Berard
Senior Product Manager, Constant Contact
Highlighted
Occasional Participant

Valid option

I had the same problem earlier, then went to the php docs and found that the variable in the statement curl_setopt($session, CURLOPT_SSL_VERIFYPEER, 0); must be the resource that was created with the curl_init call.  In a previous post, the instructions said to use $ch, not $session.  I changed to $session and that problem went away.  Now I just have a error trying to connect to the server.  I'm using Network Solutions for this client (their choice, not mine) and the curl version is libcurl/7.15.1 OpenSSL/0.9.8f zlib/1.2.3 .  Any suggestions?


Here's the code for the connection:


       $request =  "https://api.constantcontact.com/ws/customers/".CC_USERNAME."/contacts";

       $session = curl_init($request);

       // Set up Basic authentication - username and password.

       $userNamePassword = CC_APIKEY."%".CC_USERNAME.":".CC_PASSWORD;

       curl_setopt($session, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

       curl_setopt($session, CURLOPT_USERPWD, $userNamePassword);

       curl_setopt($session, CURLOPT_FOLLOWLOCATION  ,1);

       curl_setopt($session, CURLOPT_POST, 1);

       curl_setopt($session, CURLOPT_POSTFIELDS , $entry);

       curl_setopt($session, CURLOPT_HTTPHEADER, Array("Content-Type:application/atom+xml"));

       curl_setopt($session, CURLOPT_HEADER, 0);   // Do not return headers

       curl_setopt($session, CURLOPT_RETURNTRANSFER, 1);

       curl_setopt ($session, CURLOPT_SSL_VERIFYPEER, 0);

       $response = curl_exec($session);

       curl_close($session);

Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More
Featured