Access token expired in V3

Occasional Participant

Access token expired in V3

I am looking to upgrade constant contact api to V3 api. For making api calls I need the access token. I generated access token using OAuth2.0 Client Flow. And tested  api call get contacts. Its is working. After few times I call the api but gives the error unauthorized access token. It was because of the access token get expired. In OAuth2.0 Client Flow it is saying that the life span of access token in some hours.


So how I use this for long term use. That is I have to generate new access token time to time and it is not practical.

Currently I am using the api to retrieve/add/update contacts to constant contact account. In constant contact  api I don't face this type of issue, because there access token is not expired.


Hello @AprilD761 ,


Thank you for reaching out to Constant Contact's API Support.


If you continue going through the oAuth documentation for v3 you will notice that it mentions a Refresh Token section after the Access Token section. You use the Refresh Token to get a new Access Token. You can find this documentation here

Jimmy D.
Tier II API Support Engineer
Occasional Participant

Yes, I tried the OAuth2.0 Server Flow also.

As you mentioned, we use the Refresh Token to get a new Access Token. This will also expire. In step 4, we can generate Access Token and a Refresh Token using Authorization Code. And when the Access Token expired using the Refresh Token we can regenerate new Access Token and refresh token.


That is time to time Access Token get expired and using the refresh token we generate new access token.


So time to time I have to change the code. Right?



Refresh Tokens do not expire the way that Access Tokens do.


When using the Server flow, you are given a Refresh Token as well as an Access Token. When your Access Token has expired, you can exchange the Refresh Token for a new Access Token as well as a new Refresh Token. You would then continue doing this with the new Refresh Tokens obtained.

David B.
Tier II API Support Engineer



Occasional Participant


As you said

Refresh Tokens do not expire the way that Access Tokens do.


I got:  string(92) "{"error_description":"unknown, invalid, or expired refresh token","error":"invalid_grant"} "


My code is: 

function refreshToken($refreshToken, $clientId, $clientSecret) {
    $ch = curl_init();
    $base = '';
    $url = $base . '?refresh_token=' . $refreshToken . '&grant_type=refresh_token';
    curl_setopt($ch, CURLOPT_URL, $url);
    $auth = $clientId . ':' . $clientSecret;
    $credentials = base64_encode($auth);
    $authorization = 'Authorization: Basic ' . $credentials;
    curl_setopt($ch, CURLOPT_HTTPHEADER, array($authorization));

    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    $result = curl_exec($ch);
    return $result;
$refreshToken = "xxxxxx";

var_dump(refreshToken($refreshToken,  $clientId, $clientSecret));

Hi @AprilD761,


Your code looks correct. You would get an error if somehow the $refreshToken was accidentally pulling in the Access Token instead of the previous Refresh Token. Since we cannot see the rest of the code I would ensure it is pulling in the correct value.

Jimmy D.
Tier II API Support Engineer
Consulting & Training

If the access token is expired, will it return 401 The Access Token used is invalid, and after detecting that has happened, that is when to use the Refresh token to ask for another Access Token? Or is it recommended to periodically request a new access token to keep the Access Token from expiring?

Developer Portal

View API documentation, code samples, get your API key.

Visit Page