Should OAuth be used for out-of-band email signups? During registration, I want to allow a user to opt-in and make the API call on the server-side. Should OAuth be used or should the REST HTTPS API be used?
Hey,
You could use either way type of authentication. If you use oAuth of a sign up form, you would just need to store your Authentication information server-side and pass them into your calls. It is preferred to use oAuth as when the time comes to change your username and password it will not interfere with your integration. Other than that it will react the same way.
Thanks. I wasn't able to get the 3-legged auth working from my test. I will try again and post the code snippet.
To confirm... constant contact only supports 3-legged oauth, which requires browser authentication. Is it possible to use oauth w/o requiring the user to authenticate?
Hey,
There are 3 current ways to authenticate, basic, oauth 1 and oauth2. In order to use oauth you would need to get a token which is given after you grant access. With out that its not going to give access to the account because it wouldnt be secure.
OK... So to confirm:
It is not possible to use Oauth 1.0 or 2.0 w/o the user authenticating (logging in).
Hey,
That is correct,
You have to authenticate otherwise we wouldnt know where to put the contacts. You dont have to login, you have to catch the token out of the parameter and store it locally or into a datbase. Then you wouldnt have to login anymore becuase your credentials would be stored.
For instance, you would write a script to grant access. It would return a verified token after granting access. This token is now part of your credentials. This eliminates the use of the password. However if you do not save your token into a remote file, hard code it or preferably store it into a database it would have to keep re-authenticating for new tokens.
Let me know if this helps.