My name is Caleb and I am a member of Constant Contact's API Developer Support Team.
The error message that you are receiving is typically caused by an invalid refresh token. Our refresh tokens do not have a set expiration time and instead the only way for a refresh token to become invalid would be for either the token to be used to refresh the access token or for a new authorization request to be made using the same API Key and the same Constant Contact user account. That being said, there are a few common situations which other users have experienced that may be the reason you are experiencing this error message.
The first common situation would be that your application is not storing the new refresh tokens after using the initial refresh token. This is due to the refresh token becoming invalidated after a successful refresh request as a new refresh token will be generated. To prevent this specific circumstance you will want to verify that your application is updating the refresh token variable to the new value after a successful refresh request.
The second most common situation would be if you have multiple instances of your application running on more than one machine without a shared database. This is caused by having one instance of the application successfully send a refresh request resulting in a new refresh token being generated. Without a shared database for your application to reference the newly generated token will invalidate the original refresh token resulting in the other instance of the application being no longer able to refresh its tokens as the initial refresh token was used in the other instance.
The final most common situation would be if your application is making non-blocking (asynchronous) refresh attempts when receiving the 401 response to another API request. This can result in your application sending multiple refresh attempts without first verifying that a response (with a new access and refresh token) has been received. This causes any requests made after the initial request to be invalidated resulting in the invalid error message. To prevent this, your application would need to send the refresh request upon receiving the 401 response and then wait for a response from the API before proceeding with further API calls.
If these situations do not align with how your application is behaving then we will need to have you log the requests, responses, the timestamps, as well as any error messages you are receiving and send these logs to us by email 'firstname.lastname@example.org'. This will allow us to evaluate the behavior and properly identify the cause of the invalid refresh token.
... View more