Possible bug with OAUTH authorization response URL encoding

Regular Participant

The state parameter returned by Constant Contact in the authorization response is not properly URL encoded, causing a mismatch comparing the state parameter.


An authorization request set to



eventually ends up redirected to



That value is then decoded (since it's a query string parameter after all) as

QHu8qRq9JX7wTzQmG hEug==

causing a state mismatch error.


The expected redirect URI is



Note: I added an "x" to the start of the URLs because the forum keeps converting them into clickable URLs and truncating the display text.
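The mismatch described in the post above, as an added example that is not part of the original thread or any Constant Contact code: a state value containing `+` that is echoed back without percent-encoding is decoded as a space by a form-style query parser, so the comparison fails, while a state drawn from the URL-safe alphabet survives either way. The callback URL, the state value and all function names are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlsplit

CALLBACK = "https://client.example/callback"  # hypothetical redirect URI
SENT_STATE = "k3Jd9+Qx7w=="  # constructed base64-style state containing '+'


def redirect_url(state: str, encode: bool) -> str:
    """Build the redirect an authorization server would send back.

    encode=False models the behaviour reported in the post: the state is
    echoed into the query string without percent-encoding.
    """
    value = quote(state, safe="") if encode else state
    return f"{CALLBACK}?code=constructed-code&state={value}"


def received_state(url: str) -> str:
    """Decode the state as a form-style query parser does ('+' -> space)."""
    return parse_qs(urlsplit(url).query)["state"][0]


def state_matches(sent: str, url: str) -> bool:
    """Constant-time comparison of the stored state with the returned one."""
    return hmac.compare_digest(sent.encode(), received_state(url).encode())


def new_state() -> str:
    """State from the URL-safe alphabet (A-Z a-z 0-9 - _), no padding.

    It decodes to itself whether or not the server percent-encodes it.
    """
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    print(repr(received_state(redirect_url(SENT_STATE, encode=False))))
    print(state_matches(SENT_STATE, redirect_url(SENT_STATE, encode=False)))
    print(state_matches(SENT_STATE, redirect_url(SENT_STATE, encode=True)))
    fresh = new_state()
    print(state_matches(fresh, redirect_url(fresh, encode=False)))
```

Generating the state with a URL-safe alphabet keeps the check strict; rewriting spaces back to `+` before comparing would weaken it.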


Thank you for letting us know about this. We are looking into it.


Best Regards,

Shannon W.

API Support Specialist

Regular Participant

Is there an update or estimated timeline for a fix for this?

At this time, we do not have any update on a potential fix for this. We are planning on looking at this soon; however, we are in the last stages of releasing the new version of our API and have not had time to look into this issue while finishing up that work.


We apologize for any inconvenience this may be causing you. As soon as we are able to, we will work on reproducing this and getting a fix out for any issues we find during our investigation.

Dave Berard
Senior Product Manager, Constant Contact
