Hello MathewC79,
_
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
_
API connections that use basic authentication to access the account via your username and password are no longer considered a secure enough option to protect our customers' data. Our current V3 API uses OAuth2.0, which is the current industry-standard for authorization.
_
OAuth2.0 is more secure and does a much better job of keeping your Constant Contact account data safe. Additionally, when you give their integration permission to access your account, it will show you exactly which permissions the integration is requesting to be granted (rather than just granting all permissions). V3 also uses tokens that are continuously refreshed to keep the connection encrypted and secure.
_
We know the authorization process for V3 can seem a little daunting when first getting started, but you should be able to fully automate your integration with the exception of the initial Authorization Request screen and redirect, which can only be accessed/authorized via a browser window and cannot be bypassed, but you should only need to authorize your account once (grant permission and exchange auth code for first token set). After the initial connection, your application will use the access token to make calls, and the refresh token to generate a new token set once the access token expires (24 hours).
_
While our expertise is with our API itself as opposed to its implementation within any particular programming language, we are happy to answer any questions pertaining to Constant Contact’s API endpoints, functionality, and documentation. If you need any help getting getting started with authorization, feel free to reach out to our team directly by email at webservices@constantcontact.com and reference case #30543383.
_
Otherwise, if you have a specific use case or OAuth flow that you feel would better meet your needs, we’d love to hear from you. If possible, please include what specific solution(s) you’re looking for, whether your app would only access your own Constant Contact’s account data or if it would also be used by other accounts, and whatever other specific use case details you are able to provide. These details allow our developer team to consider whether your request is a good fit for future development. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.
__
Please have a look and let us know if you have any other questions!
... View more
