OAuth 2.0 - Access Token Request - (401) Unauthorized

Regular Participant


I keep getting (401) Unauthorized from the server, and I'm not sure why. I'm using the code generated in the Authorization Response, and have copied and pasted in the other Key/Secret/URI info from my account.


Here's my code, any insight?


    // Namespaces used: System.IO, System.Net, System.Text,
    // System.Collections.Generic, System.Web.Script.Serialization
    HttpWebRequest httpWReq = (HttpWebRequest)WebRequest.Create("https://oauth2.constantcontact.com/oauth2/oauth/token?");

    ASCIIEncoding encoding = new ASCIIEncoding();
    string postData = "grant_type=authorization_code";
    postData += "&client_id=<API KEY>";
    postData += "&client_secret=<SECRET KEY>";
    postData += "&code=<CODE>";
    postData += "&redirect_uri=<REDIRECT URL>";

    byte[] data = encoding.GetBytes(postData);

    httpWReq.Method = "POST";
    httpWReq.ContentType = "application/x-www-form-urlencoded";
    httpWReq.ContentLength = data.Length;

    // Write data
    Stream postStream = httpWReq.GetRequestStream();
    postStream.Write(data, 0, data.Length);

    // Send Request & Get Response
    HttpWebResponse response = null;
    response = (HttpWebResponse)httpWReq.GetResponse();

    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        // Get the Response Stream
        string json = reader.ReadLine();

        // Retrieve and Return the Access Token
        JavaScriptSerializer ser = new JavaScriptSerializer();
        Dictionary<string, object> x = (Dictionary<string, object>)ser.DeserializeObject(json);
        string accessToken = x["access_token"].ToString();
        Master.PostMessage(accessToken, LogMessageType.Information);
    }




Based on what's being done in your code, the issue here is that you are trying to accomplish the entire OAuth process in one step where it is actually a two-step process on the server side. Here's a very basic breakdown:


1. Direct the user to https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize and include parameters for the redirect uri, response type, and the API key. When the user reaches this page, they will be prompted to log in and then grant access to your application.

2. Once the user grants permission, they will be sent to your specified redirect URI with an additional parameter containing a code. Using that code, you need to make a request to https://oauth2.constantcontact.com/oauth2/oauth/token with the appropriate information.


One important thing to keep in mind is that your redirect URI must match exactly the redirect URI on your API key. The only exception to this is for parameters appended to the redirect URI.


You can read about this process in detail, along with the specific parameters for each request here: http://developer.constantcontact.com/docs/developer-guides/authentication.html



Elijah G.

API Support Specialist

Elijah G.
API Support Engineer
Regular Participant

Thanks for the reply, but this is only the second half of my code.

I've been able to successfully redirect the user to grant access and generate the code. I just haven't been able to generate the token...

I tested out a simple OAuth 2.0 sample app to see if I could reproduce and I wasn't able to.  Below is the code I used for parsing the code response on my redirect_uri page as well as exchanging it for an access_token.  Keep in mind, we also have a C# wrapper library you can use that does all this for you found here.


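String code = Request.QueryString["code"];

StringBuilder tokenUri = new StringBuilder();

// The opening line of this AppendFormat call is missing from the post as captured.
// The format string below is reconstructed from the token endpoint and the
// parameter names used elsewhere in this thread.
tokenUri.AppendFormat("https://oauth2.constantcontact.com/oauth2/oauth/token?grant_type=authorization_code&client_id={0}&client_secret={1}&code={2}&redirect_uri={3}",
    ApiKey, ConsumerSecret, code, HttpUtility.UrlEncode(RedirectUri));

String responseBody;

try
{
    HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(tokenUri.ToString());

    request.Method = "POST";

    HttpWebResponse response = (HttpWebResponse)request.GetResponse();

    StreamReader responseStream = new StreamReader(response.GetResponseStream());

    responseBody = responseStream.ReadToEnd();
}
catch (WebException ex)
{
    // On a 4xx reply the error details are in the response body
    StreamReader responseStream = new StreamReader(ex.Response.GetResponseStream());

    responseBody = responseStream.ReadToEnd();
}

// code to parse JSON and store access_token should go here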


Dave Berard
Senior Product Manager, Constant Contact
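
An added example, not code from any poster in this thread or from Constant Contact: a pre-flight check for the token request discussed above. It percent-encodes each parameter, produces a redacted copy that is safe to log or paste into a forum post, and tests the redirect URI against the registered one. The class and method names, the sample values, and the reading of the "appended parameters" exception are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class TokenRequestPreflight
{
    // Parameters whose values are credentials and must not reach logs.
    static readonly string[] SecretFields = { "client_secret", "code" };

    // Percent-encode every value: a raw redirect URI carries ':' and '/', and
    // any '&' or '=' inside a value would otherwise split the parameter string.
    public static string Encode(IEnumerable<KeyValuePair<string, string>> fields)
    {
        return string.Join("&", fields.Select(f => f.Key + "=" + Uri.EscapeDataString(f.Value)));
    }

    // Same parameter string with secret-bearing values masked.
    public static string Redact(IEnumerable<KeyValuePair<string, string>> fields)
    {
        return Encode(fields.Select(f => new KeyValuePair<string, string>(
            f.Key, SecretFields.Contains(f.Key) ? "REDACTED" : f.Value)));
    }

    // Assumed reading of the rule stated in the thread: the sent URI equals the
    // registered one, or is the registered one followed by appended parameters.
    public static bool RedirectMatches(string registered, string sent)
    {
        if (string.Equals(registered, sent, StringComparison.Ordinal)) return true;
        return sent.StartsWith(registered, StringComparison.Ordinal)
            && (sent[registered.Length] == '?' || sent[registered.Length] == '&');
    }

    static void Main()
    {
        // Constructed sample values, not real credentials.
        const string registered = "https://app.example.com/oauth/callback";
        var fields = new List<KeyValuePair<string, string>> {
            new KeyValuePair<string, string>("grant_type", "authorization_code"),
            new KeyValuePair<string, string>("client_id", "sample-api-key"),
            new KeyValuePair<string, string>("client_secret", "sample-secret"),
            new KeyValuePair<string, string>("code", "sample/code+value="),
            new KeyValuePair<string, string>("redirect_uri", "https://app.example.com/oauth/callback/")
        };
        Console.WriteLine(Redact(fields));
        foreach (var f in fields.Where(f => f.Key == "redirect_uri"))
            Console.WriteLine("redirect_uri matches registration: " + RedirectMatches(registered, f.Value));
    }
}
```

With the constructed values the redirect check reports a mismatch, because the sent URI has a trailing slash that the registered one lacks.
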
Regular Participant

Thanks for the reply.


I'm taking another look at this now. I'm using the SDK and have finished all my other integration now I just need the OAuth to work.


I'm trying to use OAuth.GetAccessTokenByCode(HttpContext.Current, code); but all it returns is null,


Are you able to offer any insight?
