We are currently testing ConstantContact API to create mailinglists. One thing I noticed was, the API still works with the old password even after changing this via constantcontact website. Is it a known issue?
This is a caching issue on our Authentication server. For performance reasons, Authentication data (username/password) is stored on our caching server for a short period of time after each successful request. I just manually cleared the cache so you should now be receiving an error message when using the old password.
When this issue could be resloved? is there any other way that I can show some error message when I use the old password soon after updating the new password?
I manually flushed our Authentication cache earlier this morning. If you are still able to connect with the old password, that would indicate that that is still the current password. You can confirm this manually by using the same username/password combination here: http://www.constantcontact.com/login.jsp.
Normally, this would not even be something a typical user sees since there is at most a few minute delay in the Authenticaion cache updating for the API access and this also is only applicable if the API is accessed just before changing the password (which is not a typical user scenario). The only time I've previously run into this scenario was during internal testing of some password flows when everything was being done in real time.