Invalid redirect

Regular Participant

Invalid redirect



I'm using the omniauth gem for Rails and my app seems to be going to Constant Contact correctly via "Grant Access" but then it explodes with a very unhelpful "Invalid redirect" error.


My callback uri for my app is http://localhost:3000/auth/constantcontact/callback with is following the convention of integration with five other apis that are working fine.  Any ideas why it doesn't like my callback?  The error doesn't even tell me what uri I am trying to use.  That would be very helpful information for that error.


The earlier omniauth-constantcontact gem just gave me NullPointerExceptions.  It might be worth investing in something to track exceptions like New Relic.



Regular Participant

Also, it keeps asking me to log in every time I try to auth which is making it even more frustrating.  Could you please retain login?

Regular Participant

Looking at the source for the page, I see that it is using an old uri for the redirect.  Caching issue?  This is about 30 mins old and I've resaved a dozen times.

Looked at this on our side, looks like you have two API keys.  One of which is out of sync with our database right now which we are looking at.  That key is not enabled as it requested Partner API access but we can't find you as a partner (support would have been following up with you on that today).  If you're attempting to use that key, it won't work as it is not an active key.  If you're using the other key, the redirect_uri isn't a locol_host:3000 URI.  That key is set to your development environment for your company and would need to be updated. 


Can you PM me which API key you're using?

Dave Berard
Senior Product Manager, Constant Contact
Occasional Participant

ConstantContact hasn't got back to me yet so I'll post here for the next person getting these issues.


Since my first account seems to be broken because I asked for Partner access, I created a new account.  I was VERY careful to get the correct URL because CC seems to have issues caching/updating them.  This worked fine for my development/test env (although it kept asking me to log in and grant acccess EVERY time, which I guess could just be an annoying "feature").  Once I was happy with that, I created another app under my new account for my production site.  This has caused the old "the client ID : [my new app id] is not valid or has been disabled" to happen again.


I'm going to create a new-new account for production now.  Wish me luck.

Occasional Participant

Nope.  Creating a new-new app didn't work.  Getting key "is not valid or has been disabled" all on this one too.

Occasional Participant

Just gave it another shot.  The new-new production key works now.

I tested both your keys in production against my own account and both worked without issue.  I've also confirmed all keys are enabled, redirect_uri values are correct in all databases and that there are no issues with rate limits on any of the keys.  It looks like everything should be working for you.


Is it possible for you to post your code you're using or email it to  At this point, it's likely that the problem is a coding issue rather than configuration.  We did resolve the redirect_uri issue when you reported it, sorry for not posting that resolution though. 

Dave Berard
Senior Product Manager, Constant Contact
Occasional Participant

I am having the same issue with omniauth constant contact 2 gem in rails. I get invalid redirect. I have the same url set for both. Wish I could get some more info on the errors :/

Sorry you're having a problem here.  The redirect_uri mismatch error is only returned when the URI you set up does not match the one you're passing identically (with the exception of query parameters which can be optionally added on the request and are not used for comparison purposes).  Can you email us your API key and code sample so we can look at what you're doing and see if there is some sort of issue?

Dave Berard
Senior Product Manager, Constant Contact
Occasional Participant

Hi Dave, 

                Thanks for the response. Looks like, I was able to resolve my issue with adding website to the application. It would really help WEB SITE if you make this a required field. Atleast for future users.


invalid redirect was really misdirecting and I wasted almost a day, looking at the gem and some error from my end.


It would also help atleast if the error message can give little more detail or some kind of documentation that could say the possible causes of the same error, but different reasons. 

    <title>Constant Contact API v2 OAuth2 Example</title>
    <link href="//" rel="stylesheet">
    <link href="styles.css" rel="stylesheet">

README: Get an access token
This example flow illustrates how to get an access token for a Constant Contact account owner using the OAuth2 server flow.
You must have a valid Constant Contact API Key, consumer sercret, and associated redirect_uri. All of these can be obtained from

// require the autloader
require_once '../src/Ctct/autoload.php';

use Ctct\Auth\CtctOAuth2;
use Ctct\Exceptions\OAuth2Exception;

// Enter your Constant Contact APIKEY, CONSUMER_SECRET, and REDIRECT_URI
define("APIKEY", "[REDACTED]");

// instantiate the CtctOAuth2 class


<div class="well">
    <h3>OAuth 2 Authorization Example</h3>

    // print any error from Constant Contact that occurs during the authorization process
    if (isset($_GET['error'])) {
        echo '<span class="label label-important">OAuth2 Error!</span>';
        echo '<div class="container alert-error"><pre class="failure-pre">';
        echo 'Error: ' . $_GET['error'];
        echo '<br />Description: ' . $_GET['error_description'];
        echo '</pre></div>';

    // If the 'code' query parameter is present in the uri, the code can exchanged for an access token
    if (isset($_GET['code'])) {
        try {
            $accessToken = $oauth->getAccessToken($_GET['code']);
        } catch (OAuth2Exception $ex) {
            echo '<span class="label label-important">OAuth2 Error!</span>';
            echo '<div class="container alert-error"><pre class="failure-pre">';
            echo 'Error: ' . $ex->getMessage();
            echo '</pre></div>';

        echo '<span class="label label-success">Access Token Retrieved!</span>';
        echo '<div class="container alert-success"><pre class="success-pre">';
        echo '</pre></div>';

    } else {
        <!-- If the 'code' query parameter is not present, display the link the user needs to visit to initiate the oauth flow -->
        <button class="btn btn-primary" type="button"
                onclick="window.location.href='<?php echo $oauth->getAuthorizationUrl(); ?>';">Get Access Token
    <?php } ?>



Please solve this issue



You can correct this issue by editing your API key in Mashery so that yhe Redirect URI matches the URI that is used in your code. To edit your key you will need to navigate to and log in to your Constant Contact developer account. Once you have updated the key, it may take up to 5 minutes for those changes to be fully propagated to our servers.


If you continue to have any issues after updating your Redirect URI, please let me know!



Elijah G.
API Support Engineer


Is anyone still facing the same "Redirect URI mismatch" issue?


I'm trying to use the OmniAuth gem for Rails and my application seems to be going to Constant Contact correctly till "Allow Access?"( page  but then it fails  with error message "Redirect URI mismatch" error.

redirect_uri_mismatch: Redirect URI mismatch. {

"error": "redirect_uri_mismatch", "error_description": "Redirect URI mismatch."


My callback URI for application is set as http://localhost:3000/auth/constantcontact/callback



Looking at that github the redirect URI you are using is listed as the development redirect according to the file. It is also linking to our older v1 API information. Are you using a v1 API or a v2 API key? Do not post your API key. Did you create your API key using this website?


If you did then log in and click on My Account in the upper right. Click on Applications, then click on Edit. This will show you what redirect URI you have set up for your API key. It needs to match the redirect that is in your code. You can change either location. If you change the information in the API key location it can take up to 10 minutes to update.


If you need to post information that should be kept private I suggest to email us at

Jimmy D.
Tier II API Support Engineer

Invalid redirect.

Please close the window to return to your application.

Developer Portal

View API documentation, code samples, get your API key.

Visit Page