We have a batch job that currently uses the version 2 api to push bulk updates from a main frame to constant contact. Due to the TLS 1.2 requirement, we were planning to rewrite the app to use the version 3 api, but the API does not appear to have an authentication route for automated system, the two listed pathes require user interaction for the authentication to occur.
Is there another authentication option or if not another mechanism to provide automated feeds.
Our v2 API required user interaction for authentication as well. The difference is the v2 API did not expire for a long time where as the v3 API expires in about 2 hours. However; once you do the initial user interaction (which was required in v2) then any additional refresh can happen automatically if you write your oAuth code correctly.
The part of oAuth in both v2 and v3 API that needs to have user interaction is when the user logs in to their Constant Contact account and clicks allow. After this everything else can be automated.
Interesting, it appears to never expires because we have the token saved as a configuration variable and just send it in the request. It's never expired in 4 years than.
The Access Token with our v2 API technically expires and it can be set to expire quicker, but the default is 315359999 seconds which is about 10 years. You can view this in our documentation here. Search for "Access Token Response" and it is in that section.
When we released our v3 we decided that wasn't the most secure of expiration timeouts so we changed it to expire quicker. However; once you get the Access Token while you will not want to hard code that anymore you can still write your code to refresh that automatically without any further user interaction.
Still not a good answer. I think your assuming the job is continuously running, and can perform a refresh. However it is a scheduled job that executes once at 2AM and takes about 25 seconds. It's not executing for the rest of the time.
So how would it get the initial token, without user interaction?
The initial token requires user interaction; this was also the case with our v2 API. There was no way you could get an Access Token with our v2 API that did not involve the owner of the Constant Contact account interacting and granting permission to your application.
When using the v3 API this initial token will also require user interaction, but that is the only time that it will be required. After you have the initial token you can store that data just like when using the v2 API. However; after two hours have passed you will be prompted that the token has expired. In that instance you will then need to go through the refresh portion of the v3 oAuth. The refresh portion does not require interaction from the user.
When doing the refresh part of oAuth you will be provided with a new Access Token which you will replace the original token with and it will last for two hours. After which you will need to go through the refresh portion again. Please keep in mind the refresh portion can all be coded to happen automatically so that it does not require any interaction from the developer or the user.
You can see both a cURL and PHP example of the full oAuth process here.