cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
We all started somewhere! Share your experience on the Get Advice: Let's Get Started Sweepstakes thread and be entered to win a $100 credit on your Constant Contact account.

OAuth Out-Of-Band

JonathanS216
Regular Participant
‎12-21-2011 02:36 PM
‎12-21-2011 02:36 PM

OAuth Out-Of-Band

Should OAuth be used for out-of-band email signups?  During registration, I want to allow a user to opt-in and make the API call on the server-side.  Should OAuth be used or should the REST HTTPS API be used?

0 Votes
6 REPLIES 6
Ryan_D
Employee
Employee
‎12-28-2011 01:50 PM
‎12-28-2011 01:50 PM

Hey,

 

You could use either way type of authentication.  If you use oAuth of a sign up form, you would just need to store your Authentication information server-side and pass them into your calls.  It is preferred to use oAuth as when the time comes to change your username and password it will not interfere with your integration.  Other than that it will react the same way.

Ryan Davis
Quality Engineer
0 Votes
JonathanS216
Regular Participant
In response to Ryan_D
‎12-28-2011 02:56 PM
‎12-28-2011 02:56 PM

Thanks.  I wasn't able to get the 3-legged auth working from my test.  I will try again and post the code snippet.

0 Votes
JonathanS216
Regular Participant
In response to JonathanS216
‎12-29-2011 11:04 PM
‎12-29-2011 11:04 PM

To confirm... constant contact only supports 3-legged oauth, which requires browser authentication.  Is it possible to use oauth w/o requiring the user to authenticate?

0 Votes
Ryan_D
Employee
Employee
In response to JonathanS216
‎12-29-2011 11:10 PM
‎12-29-2011 11:10 PM

Hey,

 

There are 3 current ways to authenticate, basic, oauth 1 and oauth2.  In order to use oauth you would need to get a token which is given after you grant access.  With out that its not going to give access to the account because it wouldnt be secure.

Ryan Davis
Quality Engineer
0 Votes
JonathanS216
Regular Participant
In response to Ryan_D
‎01-02-2012 09:20 AM
‎01-02-2012 09:20 AM

OK... So to confirm:

  It is not possible to use Oauth 1.0 or 2.0 w/o the user authenticating (logging in).

 


0 Votes
Ryan_D
Employee
Employee
In response to JonathanS216
‎01-03-2012 01:33 PM
‎01-03-2012 01:33 PM

Hey,

 

That is correct,

 

You have to authenticate otherwise we wouldnt know where to put the contacts.  You dont have to login, you have to catch the token out of the parameter and store it locally or into a datbase.  Then you wouldnt have to login anymore becuase your credentials would be stored.

 

For instance, you would write a script to grant access.  It would return a verified token after granting access.  This token is now part of your credentials.  This eliminates the use of the password.  However if you do not save your token into a remote file, hard code it or preferably store it into a database it would have to keep re-authenticating for new tokens. 

 

Let me know if this helps.

Ryan Davis
Quality Engineer
0 Votes
Developer Portal

View API documentation, code samples, get your API key.

Visit Page