Stuck with Oauth2 V3 API

Occasional Participant

Stuck with Oauth2 V3 API

Using Rails and Oauth2, I am running into an error that says: "{"error_description":"Invalid client or client credentials","error":"invalid_client"}"


What is strange that I'm able to generate the initial URL:


Takes me to the "XXX is requesting permission for the following: etc..." I see the name of the APP I created which leads me to think that the client id I am passing is correct.


I created my own strategy based off this:


I specified the following:


option :client_options, {
site: '',
token_url: '',
authorize_url: '',
grant_type: "authorization_code"

Any ideas on where to look? 



Hello @JamesC400,


Thank you for reaching out to Constant Contact's API Support.


That error means one of two things. Either the API Key you are using in invalid; which doesn't seem likely since you are able to generate your authorization code, or the authorization header you are using was not generated correctly.


In Steps 4 and 5 of the oAuth flow you need to include an authorization header that uses a Basic token and the way you generate that is by putting your api_key and client_secret together separated by a : (colon). Then base64 encoding that.


Here is an example of how the header would look if I were to be submitting a cURL command and encoded api_key:client_secret.


header 'Authorization: Basic YXBpX2tleTpjbGllbnRfc2VjcmV0'

Jimmy D.
Tier II API Support Engineer
Occasional Participant


Thanks for the response! You led me in the right direction. Turns out there was a typo while constructing the Authorization header on my end. 


thanks a lot!

Occasional Participant

I have built an integration that was refreshing tokens every 30 minutes for 2 months, then yesterday it stopped working.


I get the same message: 

        "response": {
            "error_description": "Invalid client or client credentials",
            "error": "invalid_client"


In the code, I am setting the Authorization header:

'Authorization: Basic ' . base64_encode($request['api_key'] . ':' . $request['secret'])


When I check the API key in the API Reference it works. Also, I have triple checked the API Key and Secret. I am able to complete steps 1-4 of the workflow:


But step 5 is breaking... not sure what could be wrong.

Hi @WillH772,


I'm happy to check in to this, but in order to do that I would need some information that is best kept private. I would suggest to email us at webservices(at) and provide your API Key, Client Secret, and Redirect URI, so I can try to replicate.

Jimmy D.
Tier II API Support Engineer
Occasional Participant

Hello, I sent an email last Friday morning and have not received a response.

Developer Portal

View API documentation, code samples, get your API key.

Visit Page