Between 8:00 - 9:00 am ET on 10/25 we need to take our site down to make updates. We recommend logging out before 8:00am ET and not using your account during this time. Thank you for your patience while we make these important updates.

Need to hardcode access token in PHP

Regular Participant

Need to hardcode access token in PHP

I have a script that is a form available to the public to fill out, submit, get some data analyzed and in the process check Constant Contact to see if the user exists. If not, it adds it, otherwise it skips trying to add it. This all works when I run through it and have manually clicked the Grant Access button but if I try another browser that doesn't have the same session or someone else entirely tries to fill out the form from another computer, they get the error "OAuth Exception: Username travis@drtraviselliott.com not found in datastore" and I have it setup to send me an email when that happens to click the link to Grant Access.  

 

This is not acceptable as the script just needs to ALWAYS have access to hit the CC system to check for and add a new contact.

 

I have read as many docs as I can find on your site but can't find the specific solution to my problem but it seems like hardcoding the access token would be the right solution. If so, where do I get the permanent access token?

 

include_once('../ConstantContact.php');
		
		$username = 'travis@drtraviselliott.com';
		$apiKey = '<REMOVED>';
		$consumerSecret = <REMOVED>';
		$consumerPassword = '<REMOVED>';
		$Datastore = new CTCTDataStore();
		$DatastoreUser = $Datastore->lookupUser($username);
		
		if($DatastoreUser){
			$ConstantContact = new ConstantContact('oauth', $apiKey, $DatastoreUser['username'], $consumerSecret);
			//$ConstantContact = new ConstantContact('basic', $apiKey, $username, $consumerPassword);
			$ContactLists = $ConstantContact->getLists();
        		
			if(isset($youremail)){
			
				$contactSearch = $ConstantContact->searchContactsByEmail($youremail);
				
				if(!$contactSearch){
					
					$parts = explode(" ", $yourname);
					$lastname = array_pop($parts);
					$firstname = implode(" ", $parts);
					
					$Contact = new Contact();
					$Contact->emailAddress = $youremail;
					$Contact->firstName = $firstname;
					$Contact->lastName = $lastname;
					$Contact->lists = $_POST['lists'];
			
					$NewContact = $ConstantContact->addContact($Contact);
					/*if($NewContact){
						echo "Contact Added. This is your newly created contact's information<br /><pre>";
						print_r($NewContact);
						echo "</pre>";
			
					}*/
				}
			
			}
			
		}
13 REPLIES 13
Member

Hello,

 

If you are working with a form that is specific to your own website, then you are correct that the best option would be to store the access token by hard-coding it or including it through a configuration file. You can easily get your Access Token here: https://constantcontact.mashery.com/io-docs

 

Simply copy & paste your API key into the API Key field and click Get Access token. This will walk you through the flow and at the end you will be presented with your Access Token. I do also want to mention that while it is not truly permanent, the Access Token currently persists for 10 years which should work well for you.

 

If you have any questions or problems, please let us know!

 

Sincerely,

Elijah G.
API Support Engineer

Thanks for getting back to me Elijah. I entered my API Key and clicked Get Access Token and got the following on the next page:

 

=================

the client identified by : 2362a149-c9cb-4244-b8bd-be86d854491c does not have pre-registered redirect uri

Please close the window to return to your application.

=================

 

What do I do now?

It looks like your API key (and likely also the code for your form) is for our V1 XML API rather than our newer V2 JSON API. If possible, I would strongly advise basing your form on our V2 API instead, as our V1 API is currently in a deprecated state and will be decommissioned(after several months of notice) in the future. For working with our V2 API, you could use our PHP SDK, which includes a sample form that you could easily adapt to your needs.

 

Regardless of if you choose to continue with our V1 API or work with our V2 API, you will want to create a new developer account and API key through Mashery(our partners for Key management) here: https://constantcontact.mashery.com/member/register The whole process should only take a few minutes and you will be able to use that key to get your Access Token. In addition, this new API key will be fully functional with both the V1 and V2 APIs.

 

Please let me know if you have any questions!

 

Sincerely,

Elijah G.
API Support Engineer

Regarding V1 vs V2, currently it is not an option to revise the code for V2. That will have to be addressed at a later date.

 

I got the Access Token. In the line "new ConstantContact()" line of code, where do I put the Access Token:

 

$ConstantContact = new ConstantContact('oauth', $apiKey, $DatastoreUser['username'], $consumerSecret);

To use your code with OAuth2 and the access token, you can do the following:

 

$ConstantContact = new ConstantContact('oauth2', $apiKey, 'CTCT_USERNAME', 'ACCESS_TOKEN');

 

If you have any difficulties getting that up and running, let me know!

 

Sincerely,

Elijah G.
API Support Engineer

Are oauth and oath2 interchangeable in this case? And where do I find my CTCT_USERNAME? Would it be the same username as $DatastoreUser['username']?

Hello,

 

"oauth" and "oauth2" are not interchangeable, as one indicates OAuth 1, and the other indicates OAuth 2, which have some significant differences.

 

Since you are hard-coding the Access Token, you will not be using the OAuth process and therefore will not be making use of the datastore tool. Because of this, the username must also be hard-coded. The username you need is the same username that is used to log in to the Constant Contact account which you wish to connect. It should also be the same username that was being placed in $DatastoreUser['username'].

 

Let me know if you have any additional questions!

 

Sincerely,

Elijah G.
API Support Engineer

So to be clear, I am currently using oauth, not oauth2. Can I use oauth with the CTCT_USERNAME and Access Token I generated?

Hello,

 

Thanks for the clarification. In your case it will be notably simpler if you were to use OAuth 2 rather than OAuth 1. In order to user OAuth 2, you should only need the Access Token that you generated, your username, and new your API Key. If you want to use OAuth 1, it is more involved to hardcode the token, and not as well supported by the wrapper code that you are using.

 

Is there a specific reason to prefer OAuth 1 over OAuth 2?

 

Sincerely,

Elijah G.
API Support Engineer

When I originally wrote the script I tried implementing oauth2 and could not get it to work. I ended up working off another of your code examples that used oauth1 and was able to get it working pretty quickly except I didn't realize at the time that it was only working on a per session basis not an application basis after I had clicked the Grant Access button but I see now that using another browser or anyone else at all going to the page and submitting the form is going to get the oauth error. 

 

A full rewrite of the code is definitely not an ideal option at this point. Referring to the original code snippet I sent, is there a small tweak I can make to accomplish the auth by access token and if not, can you point me in the direction of example code that will accomplish what I need relatively easily?

Hi Travis,

 

you should be able to accomplish both of your goals (Oauth 2, and hardcoding the access token) by simply using this snippet when intiializing the ConstantContact object:

$ConstantContact = new ConstantContact('oauth2', $apiKey, 'CTCT_USERNAME', 'ACCESS_TOKEN');

Simply replace the two placeholders in that code with the appropriate values, and you should be able to immediately connect to and use the API with OAuth2 and the access token. If you run into any issues with that, please let me know!

 

Sincerely,

 

 

 

Elijah G.
API Support Engineer

I updated my code as follows and am still getting the same error: OAuth Exception: Username travis@drtraviselliott.com not found in datastore

 

include_once('/..ConstantContact.php');
		
		$username = 'REMOVED';
		$apiKey = 'REMOVED';
		$consumerSecret = 'REMOVED';
		$accessToken = 'REMOVED';
		$Datastore = new CTCTDataStore();
		$DatastoreUser = $Datastore->lookupUser($username);
		
		if($DatastoreUser){
			$ConstantContact = new ConstantContact('oauth2', $apiKey, $username, $accessToken);
			$ContactLists = $ConstantContact->getLists();
        		
			if(isset($youremail)){
			
				$contactSearch = $ConstantContact->searchContactsByEmail($youremail);
				
				if(!$contactSearch){
					
					$parts = explode(" ", $yourname);
					$lastname = array_pop($parts);
					$firstname = implode(" ", $parts);
					
					$Contact = new Contact();
					$Contact->emailAddress = $youremail;
					$Contact->firstName = $firstname;
					$Contact->lastName = $lastname;
					$Contact->lists = $_POST['lists'];
			
					$NewContact = $ConstantContact->addContact($Contact);
					/*if($NewContact){
						echo "Contact Added. This is your newly created contact's information<br /><pre>";
						print_r($NewContact);
						echo "</pre>";
			
					}*/
				}
			
			}
			
		}

Since we're hardcoding both the username and the access token, you can remove this datastore code:

$Datastore = new CTCTDataStore();
$DatastoreUser = $Datastore->lookupUser($username);

That should resolve the problem. Let me know if there's any further roadblocks!

 

Sincerely,

Elijah G.
API Support Engineer
Developer Portal

View API documentation, code samples, get your API key.

Visit Page