Cannot do simple OAuth 2.0


Cannot do simple OAuth 2.0

Hi there, I am trying to do a very simple OAuth 2.0 to access campaign details. I have read the instructions and the OAuth topic on this forum. I keep getting the error: 

400 : A valid response_type must be supplied.

I have tried both response_type=code and response_type=token. Both fail with the same error. Here is the URL I am trying to send: response_type=code&client_id=xxxxxxxxxx&redirect_uri=http://localhost


This seems like a pretty basic thing to do, not sure why I am having so much difficulty. Any help is much appreciated.


Hello @SteveG3083,


Are you trying to do client flow authorization or server flow authorization?


If you are doing client flow then you need your response_type to be token.

example: response_type=token&client_id=<your_API_KEY>&redirect_uri=<your_encoded_redirect_URI>


If you are doing server flow then you do need to use the response_type as code, but you also need to make sure that you are using an encoded redirect URI. Let me give you an example of what I mean.



Jimmy D.
Tier II API Support Engineer

Thanks Jimmy. A couple of things:

1. I am using client side. I have used type "token" and still get the error.

2. How do I determine what the encrypted part of the URI is? Can't I just pass something like this: response_type=token&client_id=<>&redirect_uri=http://localhost


To be honest, I don't really want to code at all. When I signed up for a "professional" CRM application, I figured I could get a basic report of MY data: campaign name, date sent, person sent to...but it's not possible. You have queue it up and do it manually for each, of what, 100 campaigns I have...this is a dead basic requirement that any CRM system should be able to do...but here we are. Hopefully you can provide instructions on how to get this simple request working. Thanks.

Hi @SteveG3083,


Which CRM are you using? Constant Contact is not a CRM so that type of functionality is not built in to our system. You can retrieve that information through our API, or there are third party option that have already done the coding work for you. You may want to consider checking out our Marketplace for some options that are already there. Also look in to Cazoomi as they are a company that specifically works as a middle company to integrate two other companies. As an example Cazoomi can retrieve data from Constant Contact and send it to another program such as Excel, or a CRM.

Jimmy D.
Tier II API Support Engineer

You work for a CRM company and you don't even know what it is. CTCT is a Marketing Automation tool, which is absolutely a subset of CRM. You automate emails, do you not? I.e. you are a CRM company.


I am not purchasing or downloading any other app. TELL ME HOW TO MAKE your API work. Your instructions are patently FALSE. It DOES NOT work. Can't even authorize. I am sure there is some hack or other undocumented feature (i.e. DEFECT).


I am going to dispute the credit card charges if you can't give me access to MY data.

Hi @SteveG3083,


This is the exact line I send in and get a valid response back. The API Key used in this line is for my own test account so you will of course want to switch that out with your API Key.


Please make sure no additional spaces are added in when copy/pasting from here. When I copy/paste from our documentation or from these forums an extra space usually gets added after the ? which gives the error message you are seeing.


You will also need to log in to your Mashery account and then go to applictions. Click on edit for your API key and make sure that the redirect URI you have listed there is the same as what is in the provided line above. Our documentation has the example showing as https while my personal test account only uses http. The important part is that you encode the other characters :// and use the HTML entity versions %3A%2F%2F or they will not work correctly.


If you submit this line through a standard browser you will be prompted to log in to your Constant Contact username and password. Then you will be asked to click Allow. After that you will be given an error page, but the URL for the browser will be replaced with a new line that includes the Access Token. You will need to save the Access Token and use it to when sending any other requests through the API. I've replaced the actual Access Token in the screenshot below with x's but this is what the screen will look like when using the Chrome browser.


access token.jpg

Jimmy D.
Tier II API Support Engineer

That finally worked. ALL your documentation is wrong because it has an extra space after the '?'. Wasted hours of time figuring that out. Request that you please take the 10 minutes to fix the documentation...


Still getting Mashery login errors, but am able to work around by deleting the keyp/app and re-creating.

Developer Portal

View API documentation, code samples, get your API key.

Visit Page