The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

403 creating a new list

Highlighted
Occasional Visitor

403 creating a new list

I'm just getting familiar with the v2 API. Using PHP and no problem with GETS, but am having issues with POST requests. Have a few questions if someone can share a little experience.

 

I'm trying to create a new list, using the url https://api.constantcontact.com/v2/lists. Posting

 

{
"api_key":"xxxxxxxxxxxxx",
"name":"Test List 1",
"status":"ACTIVE"
}

 

Getting back a 403 with result

 

[error_key] => user.privilege.forbidden

[error_message] => You don't have permission to perform this action; please see your account owner.

 

But when I get my privileges via "/account/user/privileges" I have "contacts:lists:write" in the privilege list.

 

Could a badly formatted payload also trigger a 403 response, because it doesn't seem like an actual privilege issue?

 

Should I be putting the api_key in the json aray that I post?

 

Is there a difference between a PUT request and a POST request? I see in the docs sometimes they say PUT and other times POST. Right now I'm using PUT because that seems to be what my wrapper wants for JSON content. If I change PUT to POST I get

 

[error_key] => query.param.invalid
[error_message] => The query parameter status is not supported.

 

FWIW I'm using the PHP-Oauth2 wrapper from https://github.com/adoy/PHP-OAuth2. I know Constant Contact offers library that I'd love to use, unfortunately I run into some dependency issues with other parts of the app that prevent me from being able to use that. I'm concerned that this wrapper isn't supporting posting JSON properly.

 

Does anyone else have any recommendations for possibly other 3rd party Oauth wrappers that they use with Constant Contact?

 

Thanks for any insight,

Matt

 

 

 

 

 

2 REPLIES 2
Highlighted
Honored Contributor

Re: 403 creating a new list

Hi Matt,

 

After looking over the information that you've provided, it looks like the issue you're running into here is that creating a list absolutely does require a PUT POST to the /v2/lists endpoint, and that is likely the source of the trouble you're seeing, as the PUT verb is not valid. However, it does appear that the wrapper you're using is adding some extra information to the POST request ( a "status" parameter ) that's causing an issue. 

 

Based on this, it seems that the issue may be that you're including parameters when calling the "fetch" method for the client in this wrapper. If you're able to share a snippet of your code, I would be happy to review it. Another option would be to try using an older version of our PHP SDK that has different dependencies. You can find that here: https://github.com/constantcontact/php-sdk/tree/v1-master

 

Please let me know if you have any questions!

 

Sincerely,

Elijah G.
API Support Engineer
Highlighted
Occasional Visitor

Re: 403 creating a new list

Thanks for the reply. Wish I had know about the earlier API version sooner, would have saved me some time.

 

I figured out my own problem, which I'll detail here in case anyone else is using the PHP-OAuth2 wrapper from adoy at https://github.com/adoy/PHP-OAuth2

 

Basically, the wrapper is not written to POST a data in JSON using curl. There is a partial solution to this posted here:

 

https://github.com/adoy/PHP-OAuth2/issues/54#issuecomment-205217849

 

but this also introduced a problem. After applying the code fix above, I found that the wrapper was correctly setting the POSTFIELDS to the json encoded array.

 

$curl_options[CURLOPT_POSTFIELDS] = json_encode($parameters);

However, right after that is takes the aray and creates a query string out of it and adds it to the url:

 

if (is_array($parameters) && count($parameters) > 0) {
	$url .= '?' . http_build_query($parameters, null, '&');
} elseif ($parameters) {
	$url .= '?' . $parameters;
}

Once I removed this so it didn't mess with the endpoint URL, it worked like a charm.

 

Oh, and the other thing I was doing wrong was adding the api_key parameter to the array being passed in the POST, versus adding the api_key to as a query string to the endpoint.

 

 

Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More
Featured