Maybe I'm missing something, but I don't understand how the OAuth flow works when adding contacts to a list from a "Email Signup" form on a website, where the user obviously doesn't have access to the Constant Contact account. The API method I'm looking at is here: https://v3.developer.constantcontact.com/api_guide/contacts_create_or_update.html
OAuth authentication just doesn't make sense in this scenario.
I spent a lot of time on this, and it doesn't appear that non-interactive Oauth is possible with the v3 api. It renders their api useless for server-to-server applications.
I basically asked the same question about a week ago See Here and I have received no replies. I am beginning to doubt the helpfulness of this forum.
Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.
When adding contacts to a list from a custom sign-up form app, the "user" referred to in the OAuth Server Flow would be the owner of the website who is setting up the form, as opposed to the contacts filling out the form. The owner of the website (and Constant Contact account) would grant the app access to their account during the initial setup of the form, after which the app would use step 5 of the Server Flow to exchange it's Refresh Token for a new pair of tokens whenever the Access Token expires, without the owner needing to log in again.
V3 API OAuth2.0 Server Flow
V3 API Token Overview
Same problem here.
In V2 of the API
We have a simple HTML/PHP signup form on a basic landing page
that brings us to v3... :(. . .
I think you are right, so far it has proven Impossible to accomplish the simple task of
"adding 1 user to a specific list with some custom fields"
Other problems we ran into:
V3 does not work for adding 1 contact to a list after they fill out a form.
Ergo: Our solution was and still is to use v2
(or switch to another platform that has a working API, which seems rude/inappropriate to talk about any further in this forum)
Sorry... but you are not alone!
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
While V2 API Access tokens are valid for 10 years, V3 Access tokens automatically expire two hours after their last use, with a maximum lifetime of twenty four hours. This ensures a higher level of security for the connection. The V3 refresh token does not expire unless it is used or a new refresh token has been generated. Refresh tokens can only be used once, as generating a new set of tokens causes all previous tokens to expire.
You will need to set the access token and the refresh token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to those variables to maintain an authenticated connection.
V3 API - Refresh the Access Token
How to Make Access Tokens Last Longer
You can use the POST /contacts/sign_up_form endpoint to add a new contact to an account or update an existing contact based on their email address.
Create or Update a Contact
The request for V3 application code samples is currently under review. However, we're currently still adding endpoints and capabilities to the V3 API, and do not plan to publish official SDKs or sample apps until that process is complete. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.
In the meantime, here are the example calls that are currently available for V3: