Can you explain the problem with option 3? Other than potentially hitting a rate limit (which for my application will not happen), what is wrong with refreshing before every request? ... View more

Thank you, Jimmy D. Something tells me you've heard this before, but just in case: if I delete the contact via the Constant Contact UI, it asks me to confirm that I want to completely remove the Contact from my account. So either the UI behaves differently than the API, or the terminology is inconsistent in the worst possible way. Either way it's really, really, misleading == frustrating, time-consuming, and cost-inducing. ... View more

Thanks Jimmy. In this case the only website it's going in is our own. We're adding our own website registrant's email as a new Contact in our own Constant Contact account. Our customer should not be required to have a Constant Contact account, and if they did, we wouldn't want access to it.   QUESTION 1: Our requirements are so simple that I keep thinking there must be a simpler solution that I've overlooked. Is there?   Meanwhile, I've got this working by manually entering this URL in my browser...   https://api.cc.email/v3/idfed?client_id=<api_key>&redirect_uri=<redirect_uri_exactly_as entered_in_the_api_key_form>&response_type=code&scope=contact_data   ...which redirects to my redirect_uri, with the authorization code as a parameter in the URL. I manually store that as a setting on our site, though it only gets used once. Then I very quickly (because the code expires in 1 minute?) manually create a dummy registration on our site. The code I wrote then looks for a saved access token, and if it doesn't find one, it uses the authorization code to programmatically retrieve and save new access/refresh tokens.    Somewhere in that process -- maybe when the authorization code is used to get the tokens, can't remember -- I'm prompted to manually approve access (for writing Contact data) to our own Constant Contact account. That doesn't seem to happen consistently, i.e., after doing it the first time, I've run through the whole sequence numerous times, and only occasionally have I been prompted. Presumably the approval is cached somewhere for a period of time.   Once the first access/refresh tokens have been saved, whenever someone new registers on our site, my code refreshes/saves the token (every time), then uses it to add the registrant's email as a new Contact in our Constant Contact account.   Assuming there isn't an easier way to do this...I just want to be sure that neither manual step (getting the authorization code, nor approving account access) will ever need to happen again. I think it may if I make changes relating to the api key, e.g., generate a new secret key, or maybe if I change the redirect URI, which we can live with.   QUESTION 2: Are there any other situations at all that would require me to get a new authorization code, or to manually re-approve access to our own account?    Thank you! Julie   ... View more

I am also struggling with this, and still not entirely clear. Our website is simply trying to add new contacts to a list using info collected from our own registration form.   You've said that "At this time our oAuth2 flow does require user interaction once to type in the username/password of the Constant Contact account that you are sending your email addresses to, and to click the Allow button."   Can you clarify exactly where/how I would do that?   Regarding refreshing the token, we are not making frequent requests -- our token is likely to need refreshing every time we use it. Is there any reason we shouldn't refresh every time we use the API (except the first), rather than setting up a timer? Assuming not, do we need to bother trying the access token first before refreshing, i.e., is it a problem if we attempt to refresh before the token has expired?   Finally, I add my vote for a B2B flow that does not require manual interaction. To me it seems like the most common of uses, but perhaps I'm missing something -- for example is there a simpler mechanism I failed to notice and should be using instead?   Thank you!!   ... View more