The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

Authentication Error - Add new contact using PHP

New Member

Authentication Error - Add new contact using PHP

 I'm using the following PHP code:


$first_name = trim($_POST);

$last_name = trim($_POST);

$email = trim($_POST);

$zipcode = $_POST;


/////////// REGISTER EMAIL WITH CONSTANT CONTACT ///////////////////




$Key = "OBSCURED";


$entry = '<entry xmlns="">

<title type="text"> </title>

<updated>' . date('c') . '</updated>



<summary type="text">Contact</summary>

<content type="application/vnd.ctct+xml">

<Contact xmlns="">

<EmailAddress>' . $email . '</EmailAddress>

<FirstName>' . $first_name . '</FirstName>

<LastName>' . $last_name . '</LastName>

<PostalCode>' . $zipcode . '</PostalCode>



<ContactList id="' . $UN . '/lists/1" />' // Do this for all the lists you want to add to

//. '<ContactList id="' . $UN . '/lists/2" />' // Be sure to get the correct list number(s) for your list(s)

. '</ContactLists>





// Initialize the cURL session

$request ="" . $UN . "/contacts";

$session = curl_init($request);


// Set up digest authentication

$userNamePassword = $Key . '%' . $UN . ':' . $PW ;


// Set cURL options


curl_setopt($session, CURLOPT_USERPWD, $userNamePassword);

curl_setopt($session, CURLOPT_POST, 1);

curl_setopt($session, CURLOPT_POSTFIELDS , $entry);

curl_setopt($session, CURLOPT_HTTPHEADER, Array("Content-Type:application/atom+xml"));

curl_setopt($session, CURLOPT_HEADER, false); // Do not return headers

curl_setopt($session, CURLOPT_RETURNTRANSFER, 1); // If you set this to 0, it will take you to a page with the http response


// Execute cURL session and close it

$response = curl_exec($session);



It is the same PHP sample code located at All I want to do is add a contact to the list. It is my understanding that $UN is my CC username, $PW is my CC password, and $Key is the API key that CC generated me. Regarding the list number, there is just one list, and I got the number by looking in the constant contact admin interface. 

The following is the CURL response that I get:


HTTP Status 401 - An Authentication object was not found in the SecurityContext

type Status report

message An Authentication object was not found in the SecurityContext

description This request requires HTTP authentication (An Authentication object was not found in the SecurityContext).

JBoss Web/2.1.1.SNAPSHOT


What am I doing wrong here? Thank you. 




The code you are using is an

The code you are using is an outdated PHP example that incorrectly uses Digest Authentication.  I would recommend using our recently updated PHP sample code instead that uses our updated Basic over SSL authentication method:

Dave Berard
Senior Product Manager, Constant Contact
Solution Provider

Re: The code you are using is an

I realize this is an old post, and I have tried Dave's suggestion.


I have the lastest version of 'ctct_php_library' from github. I am using OAUTH2 to authenticate. I am able to authenticate properly by granting access to application (or so I think) but when I submit the "searchEmail" form I get the same error reported in this thread.


Any suggestions?


I also realize a new API is on its way, but I am trying to get OAUTH2 all sorted out before then.

Any help is appreciated!

"I'd love to change the world, but they won't give me the source code."

Bob Brock
Owner / Lead Developer, River Media
Trusted Contributor

Re: The code you are using is an

Hello OAuth 2 will redirect you to Authorize through our Oauth login page, and then after authorizing, will redirect back to your redirect URI (your callback script url), passing a code parameter appended to the redirect URI. On your end, another call must then be made from your callback script to exchange this code for an authorization token. Once obtained, if you're using the wrapper's datastore class to save the credentials, by default this simply stores the access token in the $_SESSION array, so if you then redirect or link to a script that doesn't include a session_start() function to maintain the current session. the authentication credentials will be lost before any of your script's calls are made.


We have left secure server/side or local storage of the authorization credentials up to the developer with the wrapper, as there are many options for this. 


If the above don't help you get things working, feel free to email, and one of our API Support team may be able to more directly assist you in getting your code to fly.

Mark Coleman
Support Engineer
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More