We are a firm that works with smaller companies that are trying to build their membership list. We allow our web visitors to identify their city and what firms they would like to join the e-mail list of. Then they hit "sign up" and our website posts their information directly into our client's e-mail list.
In some cases, we do this though a POST command that we pull from the HTML form that the company uses. This is how we do iContact for example. This doesn't SEEM to work for ConstantContact because I'm told there is no off-site direct post option. No matter what we do, apparently the user still has to go to ConstantContact to finalize the registration. Is this correct?
In other cases, we do this through an API. This is how we do MailChimp for example. The clients generates a unique API key and we use that to post directly to their system while maintaining their security. The ConstantContact customer support suggested we do this.
The problem, according to our developer, is that to use ConstantContact's API we need the Account Name and Account Password. This isn't an option - our clients aren't going to give us their login information.
I have to believe there is a method for a 3rd party to post a new subscriber to a ConstantContact e-mail list with that customer's approval but without having to know the client's password.
How do we do this? How do we, with the client's approval, post an e-mail address (and first name and zip code) to the client's e-mail list without (a) leaving our website and (b) without needing the client's login password.
Any help would be appreciated!
Currently the way that we allow contacts to be added into our system without the use of our Join My Mailing List form, which is on our site, would be to use our API's. Our API's have two forms of authentication that must be used.
The first form of authentication is OAUTH. With OAUTH, the developer does not need to know the password of the client; however, the client would need to initially put in their password on our side, which then stores an access token on your side, but does not store the password with you. You can find more about OAUTH here.
The second form of authentication is basic authentication, which does require the clients username, password, and also a valid API key which you can obtain from here.
If you have any questions regarding this please let me know.