Let's say my name is Bob, and I have my own CC account with a user name of BobRocks. Now let's say someone else (who's name is Sue with her own CC account) grants me access to her account. When I go through the Oauth2 authorization process, and receive a token, with that token am I getting api access to my account (BobRocks) or Sue's account? Or both?
Solved! Go to Solution.
The answer to this is pretty straightforward. When you go through the OAuth process, you are asked for a username/password combination before you are allowed to grant access. With the current implementation of users in Constant Contact, a single username/password combination always resolves to a single Constant Contact account. Because of this, the Access Token that is generated at the end of the OAuth flow will always be for the user & account that were used during the sign-in step of the OAuth flow.
So in the scenario you provided, it depend on whether Bob used the login for his account (BobRocks) or his login for Sue's account. Whichever login he used during OAuth, that is the account the Access Token will be associated with.
If there's any follow-up questions or if I can clarify anything, please let me know!
Thanks. This confirms the testing we did today as well. I think the key step for the user is to make sure he uses a unique username when adding that new user to the account. This way, that added user can authorize for either his primary account or for the account to which he has been given access.
As an additional note that may make things a bit easier for you, Constant Contact does enforce that every username is unique. This means that even when adding a new user to a second account, you could not use a username that is already in use for any Constant Contact account.