Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
What I’m seeing is the within our logs for the key generated by your account is that after the Authorization Request URL is sent and access to the account is granted, Authorization Code is being generated, but not used, and then expires.
The Authorization Code only has a lifespan of 60 seconds in which it can be exchanged for your first token set: Exchange the Authorization Code for an Access Token and Refresh Token
Also, it looks like the key you provided in your example hasn’t been updated to use the new OAuth2 configuration that was rolled out at the beginning of this week. The instructions to do this are in the link below. You have to log into the same user that created the keys in order to edit them, as well as generate a new Secret for use in your Authorization Request:
Update Your Applications to Use the New Authorization Service
This includes updating your application code to use our new authorization and token endpoints. If you do not update your application, it will no longer be able to connect to Constant Contact as of March 31, 2022.
When setting up your Authorization Request, you’ll also want to include the scope “offline_access”, which is required for returning refresh tokens in the new configuration:
OAuth2 Authorization Code Flow
... View more