cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I don't understand the API v3 flow

NCPC_DC
Occasional Participant
‎03-22-2021 10:38 AM
‎03-22-2021 10:38 AM

I don't understand the API v3 flow

From what I have been able to gather from reading and a little testing, the v3 API requires contacts to log into a Constant Contact account to grant permission to the application before they can sign up - is that correct?

 

In all the examples I have seen, there is an api_key, a token, and a redirect URI, but even though I created a secret key, it is not used - again from the examples I have seen. The authorization URI looks like this: "https://api.cc.email/v3/idfed?client_id={your_client_id}&redirect_uri=https%3A%2F%2Flocalhost%3A8888... but this takes the user (new contact) to the Constant Contact sign in page. 

 

This makes no sense to me, why would a new contact need to have a Constant Contact account -  and what is that secret key for if it is not used in the authentication? Or, am I missing something?

 

Any advice would be greatly appreciated,

Steve

0 Votes
1 REPLY 1
Courtney_E
Moderator
Moderator
‎04-27-2021 06:06 PM
‎04-27-2021 06:06 PM

Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

When, for example, adding contacts to a list from a custom sign-up form app, the "user" referred to in the OAuth Server Flow would be the owner of the website who is setting up the form, as opposed to the contacts filling out the form. The owner of the website (and Constant Contact account) would grant the app access to their account during the initial setup of the form, after which the app would use step 5 of the Server Flow to exchange it's Refresh Token for a new pair of tokens whenever the Access Token expires, without the owner needing to log in again.

 

The Client Secret is used in step 4 of the V3 API OAuth2.0 Server Flow and is used to acquire the initial Access Token and Refresh Token.

 

V3 API OAuth2.0 Server Flow
https://developer.constantcontact.com/api_guide/server_flow.html

 

V3 API Token Overview
https://developer.constantcontact.com/api_guide/auth_overview.html#tokens


Regards,

Courtney E.
API Support Specialist

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
0 Votes
Developer Portal

View API documentation, code samples, get your API key.

Visit Page