About igvinc

Hello SeyiK9,   Thank you for reaching out to Constant Contact API Developer Support.    When using the new OAuth2 flows that are available for V3 using our recently implemented authorization management service, the access token lifetime is now a static 24 hours, and you have the option of using rotating refresh tokens or long lived refresh tokens:   Rotating Refresh Tokens will not expire unless they have been used and/or a new token set has been generated. Rotating refresh tokens can only be used once, as generating a new set of tokens causes all previous refresh tokens to expire.    Once you have your first set of tokens, you’ll want to set both the access token and the refresh token as values for corresponding variables in your application, so that when your program requests a new set of tokens it can assign new values to both of those variables to maintain an authenticated connection.   Long Lived Refresh Tokens (which can be configured within your V3 key’s settings), allow you to use the same refresh token continuously to generate new Access Tokens. You can use the same configuration as you would for the rotating refresh tokens if desired, you’ll just get back the same refresh token value each time when receiving your new access token.   Update Your Applications to Use the New Authorization Service https://v3.developer.constantcontact.com/api_guide/auth_update_apps.html   While we generally recommend using rotating refresh tokens (as they're more secure), using a long lived refresh token should alleviate many of the situations that we've seen reported where a refresh token becomes invalid, and then requires a new authorization request.   Currently, the Long Lived Refresh Tokens are only compatible with our OAuth2 Authorization Code Flow, and must be used at least once every 180 days in order to remain valid.   OAuth2 Authorization Code Flow https://v3.developer.constantcontact.com/api_guide/server_flow.html   Please have a look and let us know if you have any other questions! ... View more

Hello user257273,   Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.   In our V3 API, CORS is supported and the response should include an Access-Control-Allow-Origin header.   However, based on the logs for the API key that has recently connected with the account that you are posting from, I was seeing quite a few responses with the following error: "invalid_grant: unknown, invalid, or expired refresh token"   While the V3 API’s access tokens automatically expire two hours after their last use and have a maximum lifetime of 24 hours, refresh tokens will not expire unless they have been used and/or a new token set has been generated. However, refresh tokens can only be used once, as generating a new set of tokens causes all previous tokens (access and refresh) to expire.    Once you have your first set of tokens, you’ll want to set both the access token and the refresh token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to both of those variables to maintain an authenticated connection.   V3 API - Refresh the Access Token https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-5-refresh-the-access-token   You can either have the application refresh the tokens on a timer based on the life of the access token, or you can have each submission check to see if the access token is still active, and then use the refresh token to generate a new set of tokens if not.    How to Make Access Tokens Last Longer https://developer.constantcontact.com/api_guide/faqs_manage_applications.html   If you feel that my reply was not a good fit for your inquiry, please feel free to email our team directly at webservices@constantcontact.com and provide us with the API key you are using, the username for the Constant Contact account you are connecting with, as well as the full request, most recent refresh token value, and the full error response that you are receiving so that we can look into the issue with you further.   Please have a look and let us know if you have any other questions!  ... View more

Hello Adrianne, In addition to Melanie's suggestions, you can also incorporate some educational content in the form of video.  You can use some of the staff to record them. ~Karen Leonard, panelist ... View more

Hello RickS015,   Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.   While our familiarity with any other party's API is limited, the Google Maps API appears to only involve access to the Maps platform, not to any user's personal account data (saved places, timeline, etc). This is a key difference from our V3 API, which does allow access to our clients’ account data.   The OAuth flow we use allows the Constant Contact account owner to review the types of data and functionality that your application is requesting (scopes), prior to granting access, as the developer of an app is not necessarily the owner of the Constant Contact account’s resources that they are accessing.   Our API is designed to protect both our users, and their contacts, from having their data compromised. Short-lived access tokens allow Constant Contact to handle credentials in a secure way. By eliminating basic authentication and using access tokens with a limited lifespan, it decreases the risk and impact of compromised credentials.   Please let us know if you have any other questions! You can also reach our team directly via email at webservices@constantcontact.com ... View more

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.   The request for V3 application code samples is currently under review. However, we're currently still adding endpoints and capabilities to the V3 API, and do not plan to publish official SDKs or sample apps until that process is complete. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.   In the meantime, here are the example calls that are currently available for V3:   V3 Code Samples: https://v3.developer.constantcontact.com/api_guide/tag_code_samples.html ... View more

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.   Access tokens automatically expire two hours after their last use, with a maximum lifetime of twenty four hours. The refresh token does not expire unless it is used or a new refresh token has been generated. Refresh tokens can only be used once, as generating a new set of tokens causes all previous tokens to expire.   You will need to set the access token and the refresh token as values for corresponding variables in your application, so that when your program runs through step 5 of the OAuth2.0 Server Flow to get the new set of tokens it can assign new values to those variables to maintain an authenticated connection.   V3 API - Refresh the Access Token https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-5-refresh-the-access-token   How to Make Access Tokens Last Longer https://developer.constantcontact.com/api_guide/faqs_manage_applications.html ... View more

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.   In your application, you should only need to store the most recent set of tokens, but you will need to request a new set of tokens each time the previous access token has expired. It is not necessary to store old tokens that have already been used.   Access tokens automatically expire two hours after their last use, with a maximum lifetime of twenty-four hours, while the refresh token only expires once used, or if a new refresh token is generated. When you’re running your application, you’ll need to check if the access token has expired, and if so, use the refresh token to generate a new set of tokens, but you should only need to store the most recent set of tokens.   V3 API OAuth2.0 Server Flow https://v3.developer.constantcontact.com/api_guide/server_flow.html Tokens Overview https://developer.constantcontact.com/api_guide/auth_overview.html#tokens   How to Make Access Tokens Last Longer https://developer.constantcontact.com/api_guide/faqs_manage_applications.html ... View more