Hello SeyiK9,
Thank you for reaching out to Constant Contact API Developer Support.
When using the new OAuth2 flows that are available for V3 using our recently implemented authorization management service, the access token lifetime is now a static 24 hours, and you have the option of using rotating refresh tokens or long lived refresh tokens:
Rotating Refresh Tokens will not expire unless they have been used and/or a new token set has been generated. Rotating refresh tokens can only be used once, as generating a new set of tokens causes all previous refresh tokens to expire.
Once you have your first set of tokens, you’ll want to set both the access token and the refresh token as values for corresponding variables in your application, so that when your program requests a new set of tokens it can assign new values to both of those variables to maintain an authenticated connection.
Long Lived Refresh Tokens (which can be configured within your V3 key’s settings), allow you to use the same refresh token continuously to generate new Access Tokens. You can use the same configuration as you would for the rotating refresh tokens if desired, you’ll just get back the same refresh token value each time when receiving your new access token.
Update Your Applications to Use the New Authorization Service
https://v3.developer.constantcontact.com/api_guide/auth_update_apps.html
While we generally recommend using rotating refresh tokens (as they're more secure), using a long lived refresh token should alleviate many of the situations that we've seen reported where a refresh token becomes invalid, and then requires a new authorization request.
Currently, the Long Lived Refresh Tokens are only compatible with our OAuth2 Authorization Code Flow, and must be used at least once every 180 days in order to remain valid.
OAuth2 Authorization Code Flow
https://v3.developer.constantcontact.com/api_guide/server_flow.html
Please have a look and let us know if you have any other questions!
... View more
