The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

OAuth Out-Of-Band

Highlighted
Occasional Participant

OAuth Out-Of-Band

Should OAuth be used for out-of-band email signups?  During registration, I want to allow a user to opt-in and make the API call on the server-side.  Should OAuth be used or should the REST HTTPS API be used?

Tags (1)
6 REPLIES 6
Highlighted
Employee

Re: OAuth Out-Of-Band

Hey,

 

You could use either way type of authentication.  If you use oAuth of a sign up form, you would just need to store your Authentication information server-side and pass them into your calls.  It is preferred to use oAuth as when the time comes to change your username and password it will not interfere with your integration.  Other than that it will react the same way.

Ryan Davis
Quality Engineer
Highlighted
Occasional Participant

Re: OAuth Out-Of-Band

Thanks.  I wasn't able to get the 3-legged auth working from my test.  I will try again and post the code snippet.

Highlighted
Occasional Participant

Re: OAuth Out-Of-Band

To confirm... constant contact only supports 3-legged oauth, which requires browser authentication.  Is it possible to use oauth w/o requiring the user to authenticate?

Highlighted
Employee

Re: OAuth Out-Of-Band

Hey,

 

There are 3 current ways to authenticate, basic, oauth 1 and oauth2.  In order to use oauth you would need to get a token which is given after you grant access.  With out that its not going to give access to the account because it wouldnt be secure.

Ryan Davis
Quality Engineer
Highlighted
Occasional Participant

Re: OAuth Out-Of-Band

OK... So to confirm:

  It is not possible to use Oauth 1.0 or 2.0 w/o the user authenticating (logging in).

 


Highlighted
Employee

Re: OAuth Out-Of-Band

Hey,

 

That is correct,

 

You have to authenticate otherwise we wouldnt know where to put the contacts.  You dont have to login, you have to catch the token out of the parameter and store it locally or into a datbase.  Then you wouldnt have to login anymore becuase your credentials would be stored.

 

For instance, you would write a script to grant access.  It would return a verified token after granting access.  This token is now part of your credentials.  This eliminates the use of the password.  However if you do not save your token into a remote file, hard code it or preferably store it into a database it would have to keep re-authenticating for new tokens. 

 

Let me know if this helps.

Ryan Davis
Quality Engineer
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More
Featured