cancel
Showing results for 
Search instead for 
Did you mean: 

403 Forbidden using cURL for access token request

Visitor

403 Forbidden using cURL for access token request

I'm using this PHP wrapper code for access token request:
 
 
$apiKey = "";
$consumerSecret = "";
$redirectURI = "";
 
$code = $_REQUEST['code'];
$username = $_REQUEST['username'];
 
//We will use PHP cURL to make a request to Constant Contact to get the Access Token.
 
$rqurl = "https://oauth2.constantcontact.com/oauth2/oauth/token?grant_type=authorization_code&client_id=$apiKey&client_secret=$consumerSecret&code=$code&redirect_uri=$redirectURI";
$rq = curl_init();
 
curl_setopt($rq, CURLOPT_URL, $rqurl);
curl_setopt($rq, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($rq, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($rq, CURLOPT_HEADER, 0);
curl_setopt($rq, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($rq, CURLOPT_POST, 1); 
 
$result = curl_exec($rq);
 
...after hard-coding the individual url parameters and testing, I get a 403 Forbidden when printing $result.  However, when I do a <form> post instead with the same url for action=, I get the expected token.json. 
 
I've also tried:  curl_setopt($rq, CURLOPT_CUSTOMREQUEST, "POST");
 
For cURL:  Do I need to configure the headers?  Or set a session attribute for $rq?
Is cURL's post inherently missing something that a <form> post satisfies?
 
2 REPLIES 2
Moderator

Re: 403 Forbidden using cURL for access token request

Without seeing the response for why you're receiving the 403, you should be able to get that from the response body for the cURL request, it's hard to trouble shoot this effectively.  The most common issue is that there is an encoding failure in something in the URL.  This can often times happen in the redirect_uri parameter.  If you've already checked these values, can you reply with the details of the 403 error you're receiving?

 

On another note, we do offer a fully functional PHP implementation of OAuth 2.0 with our PHP wrapper library.  We highly recommend using that as it can save you a lot of time in serializing payloads, implementing OAuth and other detail pieces that can consume lots of time.   Let us know if there is something missing or a reason why you decided not to use that, we'd be very interested to understand how we can make it better.  You can find our PHP wrapper here: https://github.com/constantcontact/php-sdk

Dave Berard
Senior Product Manager, Constant Contact
Visitor

Re: 403 Forbidden using cURL for access token request

Thanks for the reply.  Yes, the 403 response after my cURL access token request is: 

  Forbidden

You don't have permission to access /oauth2/oauth/siteowner/authorize on this server.