Here is the pretty straight forward code:
<?php
session_start();
include_once('ctcSupport/ConstantContact.php');
$userName = 'someuser';
$apiKey = 'somekey';
$consumerSecret = 'comesecret';
$accessToken='tokengenerated';
$Datastore = new CTCTDataStore();
$sessionConsumer = array(
'key' => $apiKey,
'secret' => $consumerSecret,
'username' => $userName,
);
$Datastore->addUser($sessionConsumer);
$DatastoreUser = $Datastore->lookupUser($userName);
if($DatastoreUser){
$ConstantContact = new ConstantContact('oauth', $apiKey, $DatastoreUser['username'], $consumerSecret);
$ContactLists = $ConstantContact->getLists();
if(isset($_POST['emailAddress'])){
$Contact = new Contact();
$Contact->emailAddress = $_POST['emailAddress'];
$Contact->firstName = $_POST['first_name'];
$Contact->lastName = $_POST['last_name'];
$Contact->lists = $_POST['contactListName'];
$NewContact = $ConstantContact->addContact($Contact);
}
}
?>
I'm following everything that is mentioned in the wiki, api samples, etc etc, and why still I get
HTTP Status 401 - Invalid token:$tokenValue
where the $tokenValue is same as the apiKey.
Shouldn't this be the token that is generated once on the fly and then re-used? Where does that token come in to the picture?
Hello,
This code is using OAuth authentication, With OAuth, if not yet authenticated, you should be redirected to a Constant Contact login page, and after logging in with valid account credentials will be asked to Allow or Deny access for your application to that account's resources. The remainder of the OAuth flow should return an access token that is different from the API Key, and this access token is what is stored on your server and used to authentication subsequent API Requests.
The error message is telling you your access token is invalid, not your API Key, so you'll need to determine why that's happening. It's not clear from the code you've posted.
There is a major issue with the way you're using the library that is basically guaranteed to cause a failure to authenticate. With OAuth 2.0, you need to receive an Access Token that is unique to your API key and the Constant Contact account you're authenticating with. The library has support for getting this token built in. In your example, this flow is never being called so I don't see how you would ever be getting an actual Authentication Token for using (and of course storing in the Datastore).
Here is the code, taken from our Github Wiki found here, to call OAuth and store it in the DataStore:
<?php
include_once('ConstantContact.php'); session_start(); // Session variables must be enabled by default
// Set variables $api_key = 'API KEY'; // API Key $consumer_secret = 'CONSUMER SECRET'; // Consumer Secret $callback_url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
// Instantiate CTCTOAuth class with credentials $CTCTOAuth = new CTCTOAuth($api_key, $consumer_secret, $callback_url);
if(!$_GET['oauth_verifier']){ //Step 1: Obtain a request token for the new OAuth consumer $CTCTOAuth->getRequestToken();
// Store request_token and secret for use after the authorization has been granted $_SESSION['request_token'] = $CTCTOAuth->request_token->key; $_SESSION['request_secret'] = $CTCTOAuth->request_token->secret;
//Step 2: Send the user to Constant Contact for authorization header('Location: '.$CTCTOAuth->generateAuthorizeUrl());
} else { //Step 3: Once authorized, exchange the request token for an access token
// Create a request_token from the SESSION variables we stored in Step 2 $requestToken = new OAuthToken($_SESSION['request_token'], $_SESSION['request_secret']); $CTCTOAuth->request_token = $requestToken;
// Set the authorized username $CTCTOAuth->username = $_GET['username'];
//Step 4: Request an access token using the 'oauth_verifier' returned from Constant Contact $CTCTOAuth->getAccessToken($_GET['oauth_verifier']);
// Create an authorized user and add it to the CTCTDataStore $sessionConsumer = array( 'key' => $CTCTOAuth->access_token->key, 'secret' => $CTCTOAuth->access_token->secret, 'username' => $CTCTOAuth->username );
// Add new user to the datastore $Datastore = new CTCTDataStore(); $Datastore->addUser($sessionConsumer); } ?>
Thanks everyone for the reply.
In the first few line, $accessToken=tokengenerated is that token, that I got from the whole page redirect etc etc exercise.
ANyways, I will take a look at the posted code and see whats happening.
Dave: Thanks for the reply.
Here is the rundown of what I did. I went to the Wiki and looked at the example folder on how to add a contact to the contact list.
Given your reply, does this means the example is inherently wrong? I'm posting here so, that you know and the community can see what I had to begin with:
The code you have will only prompt an OAuth authenticaion flow (which would bring you to the login screen to grant access to the application for a specific account) if the $Datastore = new CTCTDataStore(); call does not load up your username. The DataStore in the sample is inheritently incomplete code. Since we don't know how you store data on your server, we have not coded a permanent storage feature into that piece of the code. You would need to implement yor server side storage implementation (SQL, NoSQL, text, encrypted text, etc.) that you want to use to store the content and load the stored content for this to work.