Hello Feroz,

One important thing that I had noticed is that you have included URLs that are using both OAuth2 and OAuth1. I would highly suggest only using OAuth2 as it is becoming an industry standard and offers better features.

When you are authenticating with OAuth2, the server flow looks something like this:

1. The user is sent to the Authentication URI. EX: https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize?&response_type=code&client_id={A... where you replace {API_KEY} and {Redirect_URI} with the your own values.
2. The user fills out their Constant Contact account information.

3. The information provided is verified and then the user is sent to your Redirect URI with a code and the username attached. EX: http://example.com/redirect?code=dkdd93ldd0ldf03ds0d&username=joesflowers

4. You can exchange this code for a permanent access token by sending a GET request in the following format:

https://oauth2.constantcontact.com/oauth2/oauth/token?

grant_type=authorization_code&

client_id={API_KEY}&

client_secret={Consumer_Secret}&

code=dkdd93ldd0ldf03ds0d&

redirect_uri={Redirect_URI}

In this example, all names in curly braces (including the braces) would be replaced with the appropriate values from your API key configuration.

In addition, we have a PHP example code to show this process that you can find here:

https://github.com/shannon7wallace/OAuth-2-PHP-Example

And a documentation page discussing the details of authentication with OAuth2 that you can find here:

http://community.constantcontact.com/t5/Documentation/Authentication-using-OAuth-2-0-Server-and-Clie...

If you do still have questions, you can reply to this post and we will be happy to help you!

Sincerely,

Elijah G.

Tier 2 Support