403 Forbidden from API (Apache error)

Regular Participant

403 Forbidden from API (Apache error)

 

I just started getting this kicked back from the API (https://api.constantcontact.com/ws/customers/$login):

 

Title: 403 Forbidden

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>

 

Any ideas? Are they blocking us? I verified the API key is active and the login/passwordi s good.

 

16 REPLIES 16
Employee

Hey,

 

I would need to see the rest of your code to see why you are getting a 403.  403 is typically when you are trying to access a different username in your URI and passing a completely different URI as your credential.  Thus you are forbidden to see someone elses data.

 

The other reason why you could get this error is that this is your base URI which would require a "/" at the end.  If you try"../contacts" you should get a successful response if your credentials are correct.

Ryan Davis
Quality Engineer
Regular Participant

 

That is not the case , something seems to be wrong with my account.

 

When I visit this URL in my browser:

 

http://api.constantcontact.com/ws/customers/$myusernamehere/activities

 

and I try to login with the same exact login/password that works for my normal CC account, it rejects my login.

 

My account was recently reactivated, so it looks like it wasnt re-activated for the API portition. Can you please fix this?

Hey,

 

Can you provide me with the last 6 characters of your API key so I can see the status of the particular API key that is being used.

Ryan Davis
Quality Engineer
Regular Participant

Its fad673

 

Thanks for your help

Hey Gerard,

 

That apikey is currently enabled and I have tested it myself with no issues.

 

 

Ryan Davis
Quality Engineer
Regular Participant

 

The API key itself is not the problem. The issue is with the actual authentication. When I visit

 

/http://api.constantcontact.com/ws/customers/<my username>

 

and attempt to authenticate, it does not work. The API key is not part of this exchange. If you have access to our account username/password please test thati.

 

Please contact me direct and I will provide you with our constant contact login/password so you can further test.

 

As I mentioned before our account was deactivated and then reactivated. So it seems like this process was not appied to the URL above.

 

Hey,

 

The apikey has a lot to do with what you are doing as you need to enter the end "/" so

 

https://api.constantcontact.com/ws/customers/<my username>/

 Which will not give you much information back.  The api key is involved as you need to enter your credentials with your APIkey concatenated with your username with a % appended between. 

 

apikey%username

 

Ryan Davis
Quality Engineer
Regular Participant

The API is protected by basic access authentication (http://en.wikipedia.org/wiki/Basic_access_authentication)

 

I cannot even reach the API because my login details are not authenticated.

 

Please check the login/password database the API is using and re-add my credentials to it.

 

Please contact me off list if you want further detail. Once you replicate my issue you'll see it instantly.

 

 

Regular Participant

Hello

 

I was able to resolve this issue. Now I'm seeing a new problem.

 

The list IDs that I'm specificying in the API dont seem to match up with the list ID in the webGui

 

For instance, I passed ID 10 via the API, but the list I was actually manipluating is listed as #7 in the WebGUI

 

Please advise.

Hey,

 

The gui wont show you the list id directly in the contacts.  It will show you a "sort id" which gives it a position that you can arrange them in order in terms of displaying to the screen.  You can do a get to your list collection:

 

https://api.constantcontact.com/ws/customers/{your-username}/lists

 Which will return your lists with id's appended.  The other way is to hover over a link in the gui and you see that &listId=# in the URI which you can use as well.

Ryan Davis
Quality Engineer
Regular Participant

Ah ha, perfect!

Regular Participant

Another issue

 

I am told that email addresses can exist on multiple lists. However when I import contacts to my lists via the API, if they're already on an exisitng list, they are removed from there.

 

Here's an example,

 

List A is in constant contact already and has 2600 contacts

I create List B

I import 1000 contacts into List B via the API, they happen to be duplicate addresse which are already on List A

 

When the API call is complete, List A is now 1600 contacts instead of 2600 contacts.

 

How do we set it so that they can be on multiple lists? We are using ACTION_BY_CUSTOMER (mostly because we cannot have our contacts be sent emails when added)

 

Hey,

 

When you are creating your contact you supply which list or list(s) that they belong to.  If you are adding the contact to a new list you would append the list. 

 

Your Alogorithm would be somewhat of:

 

GET contact

Gather XML

Append new Contact list

<ContactLists>
<ContactList ... /> /** This would be the original **/
<ContactList ... /> /** New Lists **/
<ContactList ... />
</ContactLists>

 

PUT contact with xml and appended list.  Then it is added to the contact ID.

Ryan Davis
Quality Engineer

Since you're doing mass updates, there is an alternative that may be easier for you as well.  We have a Bulk Activities API that allows you to add up to 20k email addresses to one or more lists in a single request.  This import will create new contacts and append existing contacts.  Appending will not remove existing list memberships, only add new ones from the request.  This could be a much easier solution for you as it will require only a single API request for each list update you're looking to do.  Please keep in mind, this API is intended to be used only when you have reasonable expectations that there will be multiple contacts updated at the same time. (I.E. nightly syncing or uploading contacts based on the result of a query)

Dave Berard
Senior Product Manager, Constant Contact
Regular Participant

Please see PM with auth details.

Hey,

 

If you are passing the username in as the "apikey%username" and the password that you sent me and you are still getting a 403.  The only reason why this would happen is if you are doing http:// instead of https://.  I have verified this with your credentials and api key and had no problem until i used http://.  Our API lives behind the https://. 

Ryan Davis
Quality Engineer
Developer Portal

View API documentation, code samples, get your API key.

Visit Page