Hello user643957,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

Our V3 API does use API keys. Step 2 of the documentation I am linking below contains instructions on how to generate them.

V3 API Quick Start Guide:

https://developer.constantcontact.com/api_guide/getting_started.html

Once you have generated a V3 API key, our available OAuth2 flows are used to authorize it on an account and generate an Access Token, which can be used to make authorized calls to the standard V3 endpoints. Each of our authorization flows requires the use of a browser window for a user to grant access to an application for their Constant Contact account through a permission request screen, however, you should only need to do this once as after access has been granted, your application can maintain account access through the use of refresh tokens.

If you don’t want to use redirects for authorization, I would recommend looking into our device flow, which doesn’t use redirects or the client secret. I’m including documentation for this authorization flow below.

OAuth2 Device Flow:

https://developer.constantcontact.com/api_guide/device_flow.html

I see that a V3 API key has been generated under your account, however, I’m not seeing any authorization requests made using it in our logs. The error you encountered would typically indicate that an invalid client ID/API key was used in the request. We would be happy to investigate this further if you can reach out to webservices@constantcontact.com with a full example of your authorization request, including headers.

Please let us know if you have any other questions!

Regards,