Api key and access token should be in same account

Occasional Participant

Api key and access token should be in same account

Hello everyone,


Currently i am using "Constant Contact PHP SDK for v2 API" , I am assuming there is an issue while using "add contact" form. I found issue when I was using two different accounts API key and Access token. For example: I used API key of abc's account and access token of xyz's account. I am not getting any error message.


Is this an issue or I am doing something wrong? Please help.


Thanks & Regards


Hello abhisheks822,


Thanks for reaching out to Constant Contact's API Support.


The API key is registered to whatever account you created for your API key. If your integration is going to only be used with one Constant Contact account then you can generate the Access Token in relation to the API key and then put that in your code. However; if you are going to allow multiple users to use your integration each one will need to authenticate which will generate an Access Token for each of those users individually.


In the PHP SDK there is an example of how to get the Access Token. (https://github.com/constantcontact/php-sdk/blob/master/examples/getAccessToken.php)


Jimmy D.
Tier II API Support Engineer

Hey jimmy_d,


Thanks for reply. Actually, I have an issue "redirect_uri_mismatch" when I am using (https://github.com/constantcontact/php-sdk/blob/master/examples/getAccessToken.php). Please look my code given below. If I am doing something wrong, please suggest me.


<title>Constant Contact API v2 OAuth2 Example</title>
<link href="//netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="styles.css" rel="stylesheet">

README: Get an access token
This example flow illustrates how to get an access token for a Constant Contact account owner using the OAuth2 server flow.
You must have a valid Constant Contact API Key, consumer sercret, and associated redirect_uri. All of these can be obtained from

// require the autoloaders
require_once $_SERVER['DOCUMENT_ROOT'].'/api/new_constantcontact/src/Ctct/autoload.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/api/new_constantcontact/standalone/vendor/autoload.php';

use Ctct\Auth\CtctOAuth2;
use Ctct\Exceptions\OAuth2Exception;

// Enter your Constant Contact APIKEY, CONSUMER_SECRET, and REDIRECT_URI
define("APIKEY", "MY_API_KEY");
define("REDIRECT_URI", "https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize?response_type=code&client_id=MY_...");

// instantiate the CtctOAuth2 class

<div class="well">
<h3>OAuth 2 Authorization Example</h3>

// print any error from Constant Contact that occurs during the authorization process
if (isset($_GET['error'])) {
echo '<span class="label label-important">OAuth2 Error!</span>';
echo '<div class="container alert-error"><pre class="failure-pre">';
echo 'Error: ' . htmlspecialchars( $_GET['error'] );
echo '<br />Description: ' . htmlspecialchars( $_GET['error_description'] );
echo '</pre></div>';

// If the 'code' query parameter is present in the uri, the code can exchanged for an access token
if (isset($_GET['code'])) {
try {
$accessToken = $oauth->getAccessToken($_GET['code']);
} catch (OAuth2Exception $ex) {
echo '<span class="label label-important">OAuth2 Error!</span>';
echo '<div class="container alert-error"><pre class="failure-pre">';
echo 'Error: ' . htmlspecialchars( $ex->getMessage() ) . "\n";
echo "Error Details: \n";
echo htmlspecialchars( print_r( $ex->getErrors() ) );
echo '</pre></div>';

echo '<span class="label label-success">Access Token Retrieved!</span>';
echo '<div class="container alert-success"><pre class="success-pre">';
htmlspecialchars( print_r( $accessToken ) );
echo '</pre></div>';

} else {
<!-- If the 'code' query parameter is not present, display the link the user needs to visit to initiate the oauth flow -->
<button class="btn btn-primary" type="button"
onclick="window.location.href='<?php echo $oauth->getAuthorizationUrl(); ?>';">Get Access Token
<?php } ?>


Hi ahisheks,


In this line here is where you are having the issue.

define("REDIRECT_URI", "https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize?response_type=code&client_id=MY_...");

The redirect_URI needs to match what you have listed in your Mashery account. What you have in your code example here is directing the person to our oauth site. However; the redirect is suppose to tell the authentication server where to send your customer/client/contact where to send them after they are authenticated. What you have currently is basically sending them in a loop.


A good example is if you use our API Tester page located at https://constantcontact.mashery.com/io-docs. After you authenticate by typing in your username/password the redirect URI we have in place sends you to the page that displays your Access Token.


In your case if you are operating on a website you may want to direct your customers to a webpage, or in the event that you don't need to direct them anywhere you can use the redirect URI of http://localhost.

Jimmy D.
Tier II API Support Engineer
Occasional Participant

Hi Jimmy,


Now, i am using redirect url "http://www.domain.com/test2.php"  and same on my mashery account but i am facing same issue. So please give me an example and if my redirect url is wrong then please tell me what put on my redirect url. Please help me.


Many thanks

Hi abhisheks,


At this point it would be best if you could email us at webservices@constantcontact.com. Please send us your code that you are using. This way we can see your API key and the full code. Some of that information should be kept private so posting the full file here is not suggested.

Jimmy D.
Tier II API Support Engineer
Developer Portal

View API documentation, code samples, get your API key.

Visit Page