The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

Getting 401 - Unauthorized error using sample java application

Highlighted
Occasional Participant

Getting 401 - Unauthorized error using sample java application

I have downloaded and compiled the java sample application provided through Constant Contact.  When I run it and attempt to "Get Lists" I'm getting an Unauthorized 401 error.  I'm confused as to why this is because I am using the api key provided to me through constant contact and the username and password I used to get the api key in the first place.  Is there a different "Site Owner User Name" and password I should be using?  Are there any other common causes of this error that could be causing it?  Any help would be greatly appreciated.


Thank You,


 


Mark Wolters

7 REPLIES 7
Highlighted
Moderator

Hi Mark,   I'm sorry for the

Hi Mark,


 


I'm sorry for the confusion with the Java Sample Application.  That was created prior to our changing Authentication models from Digets to Basic Authentication over SSL.  The Application is not configured to use the correct Authentication type and is not configured to make the requests over HTTPS. 


 


We have created updated samples for the most commonly used languages we've found, PHP and .NET.  It is unlikely that we will provide an updated Java asample application, however the changes should be fairly simple to update it to Basic Authentication over HTTPS.  Here is a link to our guide for updating Authentication.  

Dave Berard
Senior Product Manager, Constant Contact
Highlighted
Occasional Participant

Now having problem with oauth

Dave,


Thanks so much for your quick reply, it was very helpful.  Unfortunately whereas before I was getting the following message along with a 401 error:


WARNING: Unable to respond to any of these challenges: {basic=BASIC realm="api.constantcontact.com" oauth=OAuth realm="api.constantcontact.com"}


Now I am still receiving the 401 error but with only a problem with OAuth, i.e.:


WARNING: Unable to respond to any of these challenges: {oauth=OAuth realm="api.constantcontact.com"}


I'll dig around and see if there's anything helpful in the forums regarding this already but if there's a simple solution that you can point me towards that'd be great!


 


Thanks,


Mark Wolters

Highlighted
Moderator

Hi Mark,   OAuth is no longer

Hi Mark,


 


OAuth is no longer available due to a security hole in the protocol itself.  The hole has since been patched, however we have not investigated the impact to our customers in re-enabling it.  The only protocol you should need is Basic over HTTPS.

Dave Berard
Senior Product Manager, Constant Contact
Highlighted
Occasional Participant

oauth

Once again thank you Dave, I appreciate the help.  My problem here is that I'm far from a security expert, so maybe I'm not understanding where the decision to use oauth is being made...there is nothing in the code to enable oauth, the only authentication I'm using now is basic.  But when I attempt to access http://api.constantcontact.com/ws/customers/propelgrowth07/lists I get the 401 - Unauthorized error.  The reference to oauth is being made in the Tomcat log, here's a cut'n'paste of everything from the startup message on:


INFO: Server startup in 2258 ms

log4j:WARN No appenders could be found for logger (com.propel.constantcontact.webservices.ListServlet).

log4j:WARN Please initialize the log4j system properly.

Aug 14, 2009 11:49:41 AM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge

WARNING: Unable to respond to any of these challenges: {oauth=OAuth realm="api.constantcontact.com"}

Aug 14, 2009 12:02:42 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge

WARNING: Unable to respond to any of these challenges: {oauth=OAuth realm="api.constantcontact.com"}


So then my question is why is the WWWAuthChallenge being processed wanting the client app to use oauth?  Again, apologies for my lack of knowledge on the subject, but is the use of oauth set somewhere on the server?  If so, how do I change that to not expect the client app to use oauth?


Again thanks for all the help,


Mark Wolters


 


 

Highlighted
Moderator

I think I see the problem.

I think I see the problem.  Java is probably attempting to use multiple Authentication types because of the 401 response.  The real cause is the request URI.  All requests must be made to an HTTPS URI.  


 


Incorrect: http://api.constantcontact.com/ws/customers/propelgrowth07/lists


Correct: https://api.constantcontact.com/ws/customers/propelgrowth07/lists


 


Simply changing the request URI (No XML changes need to be made) should fix your issues.

Dave Berard
Senior Product Manager, Constant Contact
Highlighted
Occasional Participant

using https goes against basic auth?

Dave,


Changing http to https goes against the instructions for using Basic authentication in the description of how to modify your app to use Basic...in any event I attempted it and when I tried to connect I get the same 401 failure and the "Unable to respond to any of these challenges: " for Basic and Oauth.  Is it possible there's something wrong with my key?  Is there any way someone at CC can verify that the URL is accessible using Basic authentication? 

Highlighted
Moderator

I think there may be some

I think there may be some confusion on the API requirements for Basic Authentication.  Here is an exerpt from the documentation:


 


Use HTTPS instead of HTTP - For URI's you use to call any API, use HTTPS instead of HTTP.  However, in the XML body you send in, DO NOT change HTTP to HTTPS (see example below).


 


Notice that it is required for the request URI to be HTTPS.  All XHML URIs should stay HTTP as they are used for IDs or for 3rd party documents which do not have HTTPS versions.  All accounts are available via HTTPS.  If you are worried your key is not valid, I would recommend testing using a REST Client.  These tools will allow you to test your URIs and XML and make sure that you are using correct information.  Once you've set this up, it is much easier to develop an application as you've taken a set of variables out of the equation.

Dave Berard
Senior Product Manager, Constant Contact
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More
Featured