
iOS SDK OAuth 2.0 authentication issue



I have the need to integrate Constant Contact into my app and it appears that I am receiving an error while generating an access token. I first created an API key without a redirect URI and tried implementing that in the app with no success. It fails on the below endpoint...




Typically, if a person were to create a URL scheme in an app they would do something like myapp://. Then when creating an OAuth 2.0 API key they would enter myapp:// as the redirect URI. I then tried to create a 2nd API key with the aforementioned URL as the redirect URI and the API key generation page says it's invalid. I then created the 2nd API key with http://google.com. When I then try to test the implementation, the below URL returns 200 but no access token.




As previously mentioned, the correct redirect URI would look like this in the request...




Any help would be greatly appreciated.



Hi Jason,


Currently it is not possible to do a myapp:// link for the redirect URI on any API keys. However, I am going to have our development team look into this to see if this is something that we can add to the API functionality. It may make it a bit easier to make the case for this change if you can provide a reference to another API that has this function.



Elijah G.

API Support Specialist

Elijah G.
API Support Engineer

We do currently require the redirect_uri parameter to be in the format http{s}://{optionalsubmain}.{somedomain}.{sometld}. In a mobile application, what this is doesn't matter as the OAuth 2.0 Client flow never actually posts back to a server to load a page. The redirect to the website you have in the redirect_uri is actually instead intercepted on the phone in the webkit window which captures the fragment with the access code and then exchanges it for the access token.


The website you put in there doesn't need to be valid for mobile applications.  It does need to be valid for OAuth 2.0 server flow so we have chosen to make the validation tighter.  This is mostly because of the problems we've seen in the past with people entering invalid URIs for the server flow and then having problems.  Since the client flow is less restrictive, we have chosen to just apply the same validation for both since it doesn't really matter for client. 


Sorry for the inconvenience.  Let me know if there is some specific reason that there would be that you can't use a full URI for this flow based on an iOS restriction or limitation and we will go back and look at this again.  Thanks!

Dave Berard
Senior Product Manager, Constant Contact
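
The interception described in the reply above, sketched in Swift as an added example (not code from this thread or from the Constant Contact SDK). `inspectNavigation` is a hypothetical helper that a web view navigation delegate would call for each requested URL; the fragment parameter names `access_token`, `error` and `state` are assumed to follow RFC 6749 section 4.2.2, and the URLs and token are constructed samples.

```swift
import Foundation

// Outcome of inspecting one navigation inside the login web view.
enum RedirectResult: Equatable {
    case notRedirect      // ordinary page load, let it proceed
    case token(String)    // access token captured from the fragment
    case failure(String)  // redirect reached, but no usable token
}

// Hypothetical helper, not part of any SDK. Parameter names (access_token,
// error, state) are an assumption based on RFC 6749 section 4.2.2.
func inspectNavigation(to url: URL,
                       registeredRedirect: URL,
                       expectedState: String?) -> RedirectResult {
    guard let seen = URLComponents(url: url, resolvingAgainstBaseURL: false),
          let want = URLComponents(url: registeredRedirect, resolvingAgainstBaseURL: false)
    else { return .notRedirect }

    // Compare scheme, host, port and path exactly; a string-prefix match
    // would also accept look-alike hosts that merely start with the same text.
    let pathOf: (URLComponents) -> String = { $0.path.isEmpty ? "/" : $0.path }
    guard seen.scheme?.lowercased() == want.scheme?.lowercased(),
          seen.host?.lowercased() == want.host?.lowercased(),
          seen.port == want.port,
          pathOf(seen) == pathOf(want)
    else { return .notRedirect }

    // The fragment is form-encoded like a query string, so reuse the parser.
    var parser = URLComponents()
    parser.percentEncodedQuery = seen.percentEncodedFragment
    var params: [String: String] = [:]
    for item in parser.queryItems ?? [] { params[item.name] = item.value ?? "" }

    if let error = params["error"] { return .failure(error) }
    if let expected = expectedState, params["state"] != expected {
        return .failure("state mismatch")
    }
    guard let token = params["access_token"], !token.isEmpty else {
        return .failure("no access_token in fragment")
    }
    return .token(token)
}

// Constructed sample values, not real endpoints or credentials.
let registered = URL(string: "https://app.example.com/oauth")!
let landed = URL(string: "https://app.example.com/oauth#access_token=SAMPLE-TOKEN&state=n0nce")!
print(inspectNavigation(to: landed, registeredRedirect: registered, expectedState: "n0nce"))
```

On `.token` or `.failure` the delegate should cancel the navigation so the placeholder site is never loaded and the fragment does not end up in web view history.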