I have created a custom connector in Microsoft flow to connect to constant contact to move our customer information from Dynamics 365 to constant contact
I had no issues when I initially created the connection to constant contact.
Adding contacts to constant contact worked for about 2-3 weeks.
After though, I now get "unauthorized" 401 when microsoft flow tries to access constant contact.
I created a new connection with a new secret key and it seems to have fixed it.
I've been looking at the forums and I think that the token is not being refreshing the access token when it expires. Hence it stops working after 2 weeks.
Any ideas what might be going on? Here is my configuration settings in Microsoft flow
This is what I have set up for the OAuth 2.0 security settings on microsoft flow:
Identity Provider: Generic Oauth 2
Client id: <matches constant contact>
Client secret: <matches constant contact>
Authorization URL: https://api.cc.email/v3/idfed
Refresh URL: https://idfed.constantcontact.com/as/token.oauth2
Redirect URL: https://msmanaged-na.consent.azure-apim.net/redirect
Thank you for reaching out to Constant Contact API Developer Support.
Apologies, I'm not personally familiar with Microsoft Flow. However, once that initial OAuth flow is done, we return both an access and refresh token, and you can programmatically use the refresh token to get a new access token (and new refresh token) without the need for the account owner to log in and click to grant access again.
If you are getting 401 errors and reconnecting resolves it, it sounds like your refresh isn't completing successfully. Can you provide some detail on how you are refreshing your token?
Tier II API Support Engineer
I actually don't know how it is done, as is it done under the hood in microsoft flow. I just set it up to generic OAUTH 2.0 security, and then fill in the required fields.
I can definitely ask Microsoft how they are refreshing the OAUTH 2.0 token.
It looks like Microsoft flow sends this request when it tries to connect again:
Request header: (i removed the token and replaced with zzzzzzzzz)
"Authorization": "Bearer zzzzzzzzzzzzzzzzzzzzzzzzzzz"
The Authorization header is similar to a password. That is just telling the receiving server "here is my authorization to do this action". There should be more information sent along with that header which should be in a body section. That is where you will find what is actually trying to be done. If you can find that it will give us a clue as to what is going on.