We all started somewhere! Share your experience on the Get Advice: Let's Get Started Sweepstakes thread and be entered to win a $100 credit on your Constant Contact account.

Authentication Error - Add new contact using PHP


Authentication Error - Add new contact using PHP

 I'm using the following PHP code:


$first_name = trim($_POST);

$last_name = trim($_POST);

$email = trim($_POST);

$zipcode = $_POST;


/////////// REGISTER EMAIL WITH CONSTANT CONTACT ///////////////////




$Key = "OBSCURED";


$entry = '<entry xmlns="http://www.w3.org/2005/Atom">

<title type="text"> </title>

<updated>' . date('c') . '</updated>



<summary type="text">Contact</summary>

<content type="application/vnd.ctct+xml">

<Contact xmlns="http://ws.constantcontact.com/ns/1.0/">

<EmailAddress>' . $email . '</EmailAddress>

<FirstName>' . $first_name . '</FirstName>

<LastName>' . $last_name . '</LastName>

<PostalCode>' . $zipcode . '</PostalCode>



<ContactList id="http://api.constantcontact.com/ws/customers/' . $UN . '/lists/1" />' // Do this for all the lists you want to add to

//. '<ContactList id="http://api.constantcontact.com/ws/customers/' . $UN . '/lists/2" />' // Be sure to get the correct list number(s) for your list(s)

. '</ContactLists>





// Initialize the cURL session

$request ="http://api.constantcontact.com/ws/customers/" . $UN . "/contacts";

$session = curl_init($request);


// Set up digest authentication

$userNamePassword = $Key . '%' . $UN . ':' . $PW ;


// Set cURL options


curl_setopt($session, CURLOPT_USERPWD, $userNamePassword);

curl_setopt($session, CURLOPT_POST, 1);

curl_setopt($session, CURLOPT_POSTFIELDS , $entry);

curl_setopt($session, CURLOPT_HTTPHEADER, Array("Content-Type:application/atom+xml"));

curl_setopt($session, CURLOPT_HEADER, false); // Do not return headers

curl_setopt($session, CURLOPT_RETURNTRANSFER, 1); // If you set this to 0, it will take you to a page with the http response


// Execute cURL session and close it

$response = curl_exec($session);



It is the same PHP sample code located at http://developer.constantcontact.com/node/132. All I want to do is add a contact to the list. It is my understanding that $UN is my CC username, $PW is my CC password, and $Key is the API key that CC generated me. Regarding the list number, there is just one list, and I got the number by looking in the constant contact admin interface. 

The following is the CURL response that I get:


HTTP Status 401 - An Authentication object was not found in the SecurityContext

type Status report

message An Authentication object was not found in the SecurityContext

description This request requires HTTP authentication (An Authentication object was not found in the SecurityContext).

JBoss Web/2.1.1.SNAPSHOT


What am I doing wrong here? Thank you. 




The code you are using is an outdated PHP example that incorrectly uses Digest Authentication.  I would recommend using our recently updated PHP sample code instead that uses our updated Basic over SSL authentication method:  http://developer.constantcontact.com/samples/upload_forms

Dave Berard
Senior Product Manager, Constant Contact
Regular Participant

I realize this is an old post, and I have tried Dave's suggestion.


I have the lastest version of 'ctct_php_library' from github. I am using OAUTH2 to authenticate. I am able to authenticate properly by granting access to application (or so I think) but when I submit the "searchEmail" form I get the same error reported in this thread.


Any suggestions?


I also realize a new API is on its way, but I am trying to get OAUTH2 all sorted out before then.

Any help is appreciated!

"I'd love to change the world, but they won't give me the source code."

Bob Brock
Owner / Lead Developer, River Media

Hello OAuth 2 will redirect you to Authorize through our Oauth login page, and then after authorizing, will redirect back to your redirect URI (your callback script url), passing a code parameter appended to the redirect URI. On your end, another call must then be made from your callback script to exchange this code for an authorization token. Once obtained, if you're using the wrapper's datastore class to save the credentials, by default this simply stores the access token in the $_SESSION array, so if you then redirect or link to a script that doesn't include a session_start() function to maintain the current session. the authentication credentials will be lost before any of your script's calls are made.


We have left secure server/side or local storage of the authorization credentials up to the developer with the wrapper, as there are many options for this. 


If the above don't help you get things working, feel free to email webservices@constantcontact.com, and one of our API Support team may be able to more directly assist you in getting your code to fly.

Mark Coleman
Support Engineer
Developer Portal

View API documentation, code samples, get your API key.

Visit Page