Solved: Re: API using Java - 400 Error when requesting Acc... - Constant Contact Community

MikeK7170 · ‎11-16-2021

I have a process that gets an Authentication token with no issue, Then the process runs trying to get an access token. When this runs I always get a 400 Error. The process uses the Auth Token received just seconds ago.... always get a 400 Error.

Request to get Authorization token goes to (with id and domain obscured of course):

https://idfed.constantcontact.com/as/authorization.oauth2?pfidpadapterid=ctctOAuth2IdpAdapter&client...

This returns an Authorization code that is generally 40 characters long. I then pass it to a url like the following (tweaked again of course):

https://idfed.constantcontact.com/as/token.oauth2?code=ihvDmqXaltqX25EtNjXWU28npLAS62g1BVpULgDJ&gran...

The immediately above url is generated in Java code, and a "POST" using HttpsURLConnection (just like the API Doc examples show) is used. However, the first line to investigate the result of the HttpsURLConnection throws a 400 Error. The basic code is below (obscured).

StringBuilder authResult = new StringBuilder();

// Make authorization header with API Key:API Secret and encode
System.out.println("thisAPIKey = " + thisAPIKey);
System.out.println("thisAPISecret = " + thisAPISecret);
String credentials = thisAPIKey + ":" + thisAPISecret;
//Content-Type: application/x-www-form-urlencoded
String auth = "Basic " + Base64.getEncoder().encodeToString(credentials.getBytes());
//String auth = DatatypeConverter.printBase64Binary(credentials.getBytes());

System.out.println("auth is set without error");
System.out.println("auth = " + auth.toString());

// Create request URL
StringBuilder requestUrl = new StringBuilder()
.append("https://idfed.constantcontact.com/as/token.oauth2")
.append("?code=")
.append(codeParam) // this is the AuthorizationCode that is retrieved initially and passed to this process
.append("&grant_type=authorization_code")
.append("&redirect_uri=")
.append(redirectUri);

URL authorizeUrl = new URL(requestUrl.toString());

System.out.println("URL is set");

HttpsURLConnection con = null;
con = (HttpsURLConnection) authorizeUrl.openConnection();
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, new java.security.SecureRandom());
con.setSSLSocketFactory(sc.getSocketFactory());

System.out.println("connection is made");

// Set Method
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
// Add Auth Header
con.setRequestProperty("Authorization", auth);
con.setDoInput(true);

InputStream content = null;
BufferedReader inVal = null;
con.setConnectTimeout(40000);

// Read response from server
inVal = new BufferedReader(new InputStreamReader(con.getInputStream()));

Everything is running fine up to the last line above, which is the first attempt to use the return information from the HttpsURLConnection.

The error I get from Java is an IOException error:

java.io.IOException: Server returned HTTP response code: 400 for URL:
https://idfed.constantcontact.com/as/token.oauth2?code=ihvDmqXaltqX25EtNjXWU28npLAS62g1BVpULgDJ&gran...

Any help would be appreciated. I have spent a fair amount of time trying to solve on my own with no success.

Thanks

Mike KInder

Courtney_E · ‎11-17-2021

Hello Mike,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

Looking at our logs for the authorization code that you provided, as well as the related key within the account, I was able to find a few error responses in regards to the issue that you are experiencing:

"Authorization code is invalid or expired."

This appears to be the primary issue. The authorization code only has a 60 second lifetime before it expires, so once it is generated it needs to be exchanged for your first token set within that 60 second window or you will receive an error response:

Retrieve the Authorization Code

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-3-retrieve-the-authorizatio...

“redirect_uri value must be identical to the value included in the authorization request."

The redirect URI used when exchanging the Authorization code for a token set must match exactly both the redirect URI that was used in your Authorization Request URL, as well as the Redirect URI within your App Details for the key.

Also, it looks like in some attempts, the grant_type was set to the value “authorization” and it needs to always be “authorization_code”

Exchange the Authorization Code for an Access Token and a Refresh Token

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-4-exchange-the-authorizatio...

Please have a look and let us know if you have any other questions!

Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

View solution in original post

Courtney_E · ‎11-17-2021

Hello Mike,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

Looking at our logs for the authorization code that you provided, as well as the related key within the account, I was able to find a few error responses in regards to the issue that you are experiencing:

"Authorization code is invalid or expired."

This appears to be the primary issue. The authorization code only has a 60 second lifetime before it expires, so once it is generated it needs to be exchanged for your first token set within that 60 second window or you will receive an error response:

Retrieve the Authorization Code

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-3-retrieve-the-authorizatio...

“redirect_uri value must be identical to the value included in the authorization request."

The redirect URI used when exchanging the Authorization code for a token set must match exactly both the redirect URI that was used in your Authorization Request URL, as well as the Redirect URI within your App Details for the key.

Also, it looks like in some attempts, the grant_type was set to the value “authorization” and it needs to always be “authorization_code”

Exchange the Authorization Code for an Access Token and a Refresh Token

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-4-exchange-the-authorizatio...

Please have a look and let us know if you have any other questions!

Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

MikeK7170 · ‎12-03-2021

Hi Courtney, I will mark your response as the solution, but to be specific, it was the redirect_uri. I missed that each leg of the Authorization had to be the same, and I was trying to point to a different one on the second leg. Once changed to the same redirect, it worked. So, thanks.

Courtney_E · ‎12-06-2021

Hello MikeK7170,

Thank you for reaching out to Constant Contact API Developer Support.

Glad you were able to get this resolved!

Please let us know if you have any other questions.

Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

API using Java - 400 Error when requesting Access Token

Developer Portal

API Updates