The Community is hosting an End of Summer sweepstakes! Participants must complete tasks to earn tickets that will enter them with a chance to win a free year of Constant Contact and other great prizes!*
*No Purchase Necessary. For Official Rules, visit here. Constant Contact’s End of Summer 2020 Sweepstakes ends on October, 20, 2020 at 11:50 PM EST.

v1 API Can Add Contact in Browser but not from Code

Highlighted
GabeG4
Member
‎03-17-2015 03:07 PM
‎03-17-2015 03:07 PM

v1 API Can Add Contact in Browser but not from Code

We've been using the v1 API for a while with one of our contact forms. Our client believes contacts from this form stopped being added correctly about 6 months ago.

 

When I go to the URL manually in my browser, I get an HTTP 200 code and the contact gets added fine. This is the URL we use (with sensitive values removed, space after https added to defeat forum's auto-linking):

 

https ://api.constantcontact.com/0.1/API_AddSiteVisitor.jsp?loginName=OURLOGIN&loginPassword=OURPASSWORD&ea=CUSTOMEREMAIL&ic=CompanyName%20Live%203&First_Name=Test&Last_Name=Test&Postal_Code=00000

 

But when I try to make this request from code (ColdFusion) it seems to fail. I don't get any errors on our side though, which is making this annoying to debug. Best I can tell, the request is being sent out fine.

 

Do you folks have any idea what could be causing this?

0 Votes
Reply
1 REPLY 1
Highlighted
Elijah_G
Honored Contributor
‎03-23-2015 11:59 AM
‎03-23-2015 11:59 AM

Re: v1 API Can Add Contact in Browser but not from Code

Hello,

 

My apologies about the delay in being able to get back to you on this! Given that you are using ColdFusion, I suspect that the cause is because ColdFusion is not using a secure enough connection method when accessing the API over HTTPS. In November of last year two security changes were made to our API in order to prevent attackers from being able to decrypt data sent to/from our API:

  1. API Connections over HTTPS must use the TLSv1.0 protocol or newer. SSLv3 was previously allowed, but is no longer secure and has been disabled.
  2. Secure connections using TLSv1.0+ must use at least a basic form of AES encryption to protect the data being transmitted. RC4 was previously allowed but is not longer secure and has also been disabled.

While I have never operated a ColdFusion server personally, I suspect that you either need to change some settings in ColdFusion to force it to use more secure connection options (like your browser is already doing) or potentially upgrade to a new version of CF if it does not support AES encryption over TLSv1.0+.

 

If you have any questions, please feel free to ask and we will be happy to provide as much assistance as we can!

 

Sincerely,

 

Elijah G.
API Support Engineer
Reply
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Constant Contact 2020 End of Summer Community Sweepstakes!

The Constant Contact User Community is hosting a sweepstakes. The more you participate, the more chances you have to win! Read on to learn more...

Read More
Featured