The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

401 Unauthorized - OAuth

SOLVED
Go to solution
Highlighted
Participant

401 Unauthorized - OAuth

I'm going to preface this by saying I could be doing this completely wrong, but that's why I'm asking for help :)

 

I've successfully received my OAuth 2.0 access token, and now I'm trying to do a simple Add Contact test to my list.  Here is the url I'm using:

 

https://api.constantcontact.com/ws/customers/example@example.com/contacts?access_token=my-oauth-acce...

 

I'm doing a POST to that url with this data:

<entry xmlns="http://www.w3.org/2005/Atom">
<title type="text"></title>
<updated>1/1/1900</updated>
<author></author>
<id>data:,none</id>
<summary type="text">Contact</summary>
<content type="application/vnd.ctct+xml">
<Contact xmlns="http://ws.constantcontact.com/ns/1.0/">
<EmailAddress>test@example.com</EmailAddress>
<FirstName>john</FirstName>
<LastName>doe</LastName>
<OptInSource>ACTION_BY_CUSTOMER</OptInSource>
<ContactLists>
<ContactList id="http://api.constantcontact.com/ws/customers/example@example.com/lists/1" />
</ContactLists>
</Contact>
</content>
</entry>

 

I get a (401) Unauthorized response with this call.  What am I doing wrong?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Employee

Re: 401 Unauthorized - OAuth

Hi,

 

An access token will remain valid until another one is generated.  Since you're putting in the one you think is valid, the only way to get a new one that you know the value of (that I can think of) would be to generate a new access token (go through the OAuth 2 flow again).  

 

A common mistake is to use the auth_code or code in place of the access token.  The code is generated in the step before you get the access token.  The access token is generated after granting access and redirecting back to your redirect url for the last time--it is appended to your redirect url.

 

In general, in the OAuth 2 flow, it would be best to check to see if a token exists and if one doesn't, put the user through the OAuth flow (then store the access token in a database, assuming you have more than one user).

 

Best Regards,

Shannon W.

API Support Specialist

View solution in original post

10 REPLIES 10
Highlighted
Employee

Re: 401 Unauthorized - OAuth

Hi,

 

Most of your XML looks good, but your id tag should be changed. It should reference a URI available to you, like below:

 

<id>http://api.constantcontact.com/ws/customers/username/contacts/101</id>

 

Also, are you replacing example@example.com with your Constant Contact username (not your email address, unless you used your email address as your username)?

Best Regards,
Shannon W.
API Support Specialist

Highlighted
Participant

Re: 401 Unauthorized - OAuth

I'm not sure that your comment about "reference a URI available to you" makes sense.  Since I'm adding a contact (and in this case, it's my first one), how can I have one that's already available to me?

 

And yes, I was using example@example.com as a placeholder.  My username is my email address and didn't want to broadcast that to the world.

 

Since my XML looks good, can I pass along any other information to you that you can use to solve the problem?  Access token?  Username?  Something else?

Highlighted
Employee

Re: 401 Unauthorized - OAuth

Hi,

 

Your XML looks good except for the id tag. The id tag has to reference your username as I've demonstrated below.  Change it from what you had:

 

<id>data:,none</id>

 

To the following, replacing your username:

 

<id>http://api.constantcontact.com/ws/customers/username/contacts/101</id>

 

Let me know if that works.

 

Best Regards,

Shannon W.

API Support Specialist

 

Highlighted
Participant

Re: 401 Unauthorized - OAuth

No dice: (401) Unauthorized

Highlighted
Employee

Re: 401 Unauthorized - OAuth

Hi,

 

I'd like to take the XML completely out of the equation for troubleshooting purposes.  Could you do a simple GET on your contacts, by using the URL below (and not providing anything in the body of your request).

 

https://api.constantcontact.com/ws/customers/username/contacts?access_token=4782-9351-3b8beaef1d18

 

Replacing the username and access token with your own, of course.  

 

Let me know if that is successful or not.  It should return a 200.  If this isn't successful, we can dig deeper into the request format and how you've provided credentials; if it is successful, I will revise your XML until it works on my end.

 

Best Regards,

Shannon W.

API Support Specialist

Highlighted
Participant

Re: 401 Unauthorized - OAuth

Hmm, odd:

 

 

 

Error: HTTP Status 401 - The token [my token] is not a valid access token.

 

Description: This request requires HTTP authentication (The token [my token] is not a valid access token.)

 

 

 

Not sure why that error is happening... thoughts?

Highlighted
Employee

Re: 401 Unauthorized - OAuth

Hi,

 

An access token will remain valid until another one is generated.  Since you're putting in the one you think is valid, the only way to get a new one that you know the value of (that I can think of) would be to generate a new access token (go through the OAuth 2 flow again).  

 

A common mistake is to use the auth_code or code in place of the access token.  The code is generated in the step before you get the access token.  The access token is generated after granting access and redirecting back to your redirect url for the last time--it is appended to your redirect url.

 

In general, in the OAuth 2 flow, it would be best to check to see if a token exists and if one doesn't, put the user through the OAuth flow (then store the access token in a database, assuming you have more than one user).

 

Best Regards,

Shannon W.

API Support Specialist

View solution in original post

Highlighted
Participant

Re: 401 Unauthorized - OAuth

Thanks Shannon, I'll try this tonight.

 

I do only have one user, so I only need the one auth token.  It's definitely possible I didn't use the most recent token generated... I tried about a million times to get my OAuth 2 stuff working before I was able to get a result.

 

Anyway, I'll post back with my results.  Thanks!

Highlighted
Participant

Re: 401 Unauthorized - OAuth

Shannon-

 

You were right, I did need to regenerate my access token.  Now everything works.

 

Thanks a ton for your help!

Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More
Featured