OAuth Out-Of-Band

JonathanS216
Regular Participant

Should OAuth be used for out-of-band email signups?  During registration, I want to allow a user to opt in and make the API call on the server side.  Should OAuth be used or should the REST HTTPS API be used?

Ryan_D
Employee

Hey,

You could use either type of authentication.  If you use OAuth for a sign-up form, you would just need to store your authentication information server-side and pass it into your calls.  It is preferred to use OAuth, as when the time comes to change your username and password it will not interfere with your integration.  Other than that it will react the same way.

Ryan Davis
Quality Engineer
JonathanS216
Regular Participant

Thanks.  I wasn't able to get the 3-legged auth working from my test.  I will try again and post the code snippet.

To confirm... Constant Contact only supports 3-legged OAuth, which requires browser authentication.  Is it possible to use OAuth w/o requiring the user to authenticate?

Hey,

There are 3 current ways to authenticate: basic, OAuth 1 and OAuth 2.  In order to use OAuth you would need to get a token, which is given after you grant access.  Without that it's not going to give access to the account because it wouldn't be secure.

Ryan Davis
Quality Engineer
JonathanS216
Regular Participant

OK... So to confirm:

It is not possible to use OAuth 1.0 or 2.0 w/o the user authenticating (logging in).

Hey,

That is correct.

You have to authenticate, otherwise we wouldn't know where to put the contacts.  You don't have to log in; you have to catch the token out of the parameter and store it locally or in a database.  Then you wouldn't have to log in anymore because your credentials would be stored.

For instance, you would write a script to grant access.  It would return a verified token after granting access.  This token is now part of your credentials.  This eliminates the use of the password.  However, if you do not save your token into a remote file, hard code it or, preferably, store it in a database, it would have to keep re-authenticating for new tokens.

Let me know if this helps.

Ryan Davis
Quality Engineer
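
The grant-once, store-and-reuse approach described in the reply above, sketched in Python as an added example (not code from this thread or from Constant Contact). The `access_token` parameter name, the `Bearer` header form, the `oauth_tokens` table and the sample redirect URL are assumptions; check the API documentation for the real names.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed sample redirect: host, path and token value are made up.
SAMPLE_REDIRECT = ("https://app.example.test/oauth/callback"
                   "#access_token=constructed-token-123&token_type=Bearer")

def extract_token(redirect_url):
    """Catch the token out of the redirect's fragment or query parameters."""
    parts = urlsplit(redirect_url)
    for raw in (parts.fragment, parts.query):
        params = parse_qs(raw)
        if "error" in params:  # the account owner refused the grant
            raise PermissionError("grant refused: " + params["error"][0])
        if params.get("access_token"):  # assumed parameter name
            return params["access_token"][0]
    raise ValueError("redirect carries no access_token parameter")

def open_store(path=":memory:"):
    """Open the token store; in production use a file or DB only the app can read."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS oauth_tokens "
                 "(account TEXT PRIMARY KEY, token TEXT NOT NULL)")
    return conn

def save_token(conn, account, token):
    """Store or replace the token for one account (parameterized query)."""
    with conn:
        conn.execute("INSERT OR REPLACE INTO oauth_tokens (account, token) "
                     "VALUES (?, ?)", (account, token))

def auth_headers(conn, account):
    """Build the header for a server-side call from the stored token."""
    row = conn.execute("SELECT token FROM oauth_tokens WHERE account = ?",
                       (account,)).fetchone()
    if row is None:
        # Nothing stored: the one-time grant step has to be run again.
        raise LookupError("no stored token; run the grant step again")
    return {"Authorization": "Bearer " + row[0]}  # assumed header form

if __name__ == "__main__":
    store = open_store()
    save_token(store, "signup-form", extract_token(SAMPLE_REDIRECT))
    # Report only that a header was built; never print or log the token itself.
    print(sorted(auth_headers(store, "signup-form")))
```

The stored token stands in for the account password, so the database holding it needs the same protection as a password would.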