The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

Where does a user revoke my API grant?

Highlighted
Member

Where does a user revoke my API grant?

Hi,

this is not really an API question, but the chat support was unable to help me:

 

When one of my users get sent to the CC page and are asked to grant my company the right to access their account via the API, your page (https://oauth2.constantcontact.com/oauth2/oauth/confirm_access) says: "This access grant is persistent. It will remain in effect until you explicitly revoke it."

 

Now, if the user wants to revoke the grant, where does (s)he find this in their CC account pages? I've been looking around for a good while and come up empty. Or is this revokal something between me and the user, i.e. I should direct them to write me an angry letter, whereupon I will scratch their access token from our database?

 

Regards /Anders

2 REPLIES 2
Highlighted
Employee

Re: Where does a user revoke my API grant?

Hi Anders,

 

You are correct!  That is a generic message under the assumption to whomever is creating the program should be storing the access token for future reference.  Otherwise, the user would have to go through the whole process to obtain a new access token everytime.

 

You could build it into your program that ability for users to revoke the token or to deal with each request manually.  

 

Thanks,

 

 

Andrew Weber
Associate Product Manager for EventSpot
Highlighted
Moderator

Re: Where does a user revoke my API grant?

Token revocation can be done by calling Constant Contact support and requesting that the access to the application be revoked.  Currently there is no self service method for customers to revoke access to these applications though that is something we are looking to add in the future. 

 

As Andrew mentioned, you can also provide a method in your integration to allow them to delete the access token on your side.  This does not invalidate the token with Constant Contact, but it can be used for you to forget the token and stop using it.

Dave Berard
Senior Product Manager, Constant Contact
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More
Featured