Between 9pm - 11pm ET this Sat (9/18), we will be doing routine network maintenance. Please avoid usage of our API during this time frame - including any scheduled sync jobs. Thank you in advance for your patience.

403 creating a new list


403 creating a new list

I'm just getting familiar with the v2 API. Using PHP and no problem with GETS, but am having issues with POST requests. Have a few questions if someone can share a little experience.


I'm trying to create a new list, using the url Posting


"name":"Test List 1",


Getting back a 403 with result


[error_key] => user.privilege.forbidden

[error_message] => You don't have permission to perform this action; please see your account owner.


But when I get my privileges via "/account/user/privileges" I have "contacts:lists:write" in the privilege list.


Could a badly formatted payload also trigger a 403 response, because it doesn't seem like an actual privilege issue?


Should I be putting the api_key in the json aray that I post?


Is there a difference between a PUT request and a POST request? I see in the docs sometimes they say PUT and other times POST. Right now I'm using PUT because that seems to be what my wrapper wants for JSON content. If I change PUT to POST I get


[error_key] => query.param.invalid
[error_message] => The query parameter status is not supported.


FWIW I'm using the PHP-Oauth2 wrapper from I know Constant Contact offers library that I'd love to use, unfortunately I run into some dependency issues with other parts of the app that prevent me from being able to use that. I'm concerned that this wrapper isn't supporting posting JSON properly.


Does anyone else have any recommendations for possibly other 3rd party Oauth wrappers that they use with Constant Contact?


Thanks for any insight,








Hi Matt,


After looking over the information that you've provided, it looks like the issue you're running into here is that creating a list absolutely does require a PUT POST to the /v2/lists endpoint, and that is likely the source of the trouble you're seeing, as the PUT verb is not valid. However, it does appear that the wrapper you're using is adding some extra information to the POST request ( a "status" parameter ) that's causing an issue. 


Based on this, it seems that the issue may be that you're including parameters when calling the "fetch" method for the client in this wrapper. If you're able to share a snippet of your code, I would be happy to review it. Another option would be to try using an older version of our PHP SDK that has different dependencies. You can find that here:


Please let me know if you have any questions!



Elijah G.
API Support Engineer

Thanks for the reply. Wish I had know about the earlier API version sooner, would have saved me some time.


I figured out my own problem, which I'll detail here in case anyone else is using the PHP-OAuth2 wrapper from adoy at


Basically, the wrapper is not written to POST a data in JSON using curl. There is a partial solution to this posted here:


but this also introduced a problem. After applying the code fix above, I found that the wrapper was correctly setting the POSTFIELDS to the json encoded array.


$curl_options[CURLOPT_POSTFIELDS] = json_encode($parameters);

However, right after that is takes the aray and creates a query string out of it and adds it to the url:


if (is_array($parameters) && count($parameters) > 0) {
	$url .= '?' . http_build_query($parameters, null, '&');
} elseif ($parameters) {
	$url .= '?' . $parameters;

Once I removed this so it didn't mess with the endpoint URL, it worked like a charm.


Oh, and the other thing I was doing wrong was adding the api_key parameter to the array being passed in the POST, versus adding the api_key to as a query string to the endpoint.



Developer Portal

View API documentation, code samples, get your API key.

Visit Page