Constant Contact
Constant Contact Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

v1 API Can Add Contact in Browser but not from Code

GabeG4
GabeG4
Member
‎03-17-2015 03:07 PM
‎03-17-2015 03:07 PM

v1 API Can Add Contact in Browser but not from Code

We've been using the v1 API for a while with one of our contact forms. Our client believes contacts from this form stopped being added correctly about 6 months ago.

 

When I go to the URL manually in my browser, I get an HTTP 200 code and the contact gets added fine. This is the URL we use (with sensitive values removed, space after https added to defeat forum's auto-linking):

 

https ://api.constantcontact.com/0.1/API_AddSiteVisitor.jsp?loginName=OURLOGIN&loginPassword=OURPASSWORD&ea=CUSTOMEREMAIL&ic=CompanyName%20Live%203&First_Name=Test&Last_Name=Test&Postal_Code=00000

 

But when I try to make this request from code (ColdFusion) it seems to fail. I don't get any errors on our side though, which is making this annoying to debug. Best I can tell, the request is being sent out fine.

 

Do you folks have any idea what could be causing this?

0 Votes
Reply
1 REPLY 1
Elijah_G
Honored Contributor
‎03-23-2015 11:59 AM
‎03-23-2015 11:59 AM

Re: v1 API Can Add Contact in Browser but not from Code

Hello,

 

My apologies about the delay in being able to get back to you on this! Given that you are using ColdFusion, I suspect that the cause is because ColdFusion is not using a secure enough connection method when accessing the API over HTTPS. In November of last year two security changes were made to our API in order to prevent attackers from being able to decrypt data sent to/from our API:

  1. API Connections over HTTPS must use the TLSv1.0 protocol or newer. SSLv3 was previously allowed, but is no longer secure and has been disabled.
  2. Secure connections using TLSv1.0+ must use at least a basic form of AES encryption to protect the data being transmitted. RC4 was previously allowed but is not longer secure and has also been disabled.

While I have never operated a ColdFusion server personally, I suspect that you either need to change some settings in ColdFusion to force it to use more secure connection options (like your browser is already doing) or potentially upgrade to a new version of CF if it does not support AES encryption over TLSv1.0+.

 

If you have any questions, please feel free to ask and we will be happy to provide as much assistance as we can!

 

Sincerely,

 

Elijah G.
API Support Engineer
Reply