Good lord that is a long way of telling me "you won't find a solution here, but here's my best go at it." In all seriousness, I have a few things I want to respond to, but first I want to say thank you for being so thorough and explaining your position on why the update profile system is the way that it is. I appreciate your personal attempts at making the API solve the problem for me even if through a 3rd party, but I'm afraid this answer is not going to work for my needs. I appreciate your personal attempt at it. From this point forward my reply is to Constant Contact - not your personal answer. With that said... Quote: ". While this feature request is still under review, there is no ETA on if/when this functionality will be considered. [...] We don’t recommend using a public-facing form/integration [...] because of the possibility that a 3rd party could potentially manage their permissions [...]. An extra step would be required where users enter their email address and then have a verification email deployed to that address with a unique link [< how it is now]." This set of quoted statements, when put together tells me one big thing. My feature request DOESN'T matter. No ones feature request on this forum for a revised update profile process matters. This has been a problem for over a decade on these very forums. Telling us the feature request is being reviewed is frankly, untrue, because the decision was already made. CTCT had to pick between database security and user autonomy and they chose security. So please just tell us that. In reality, CTCT doesn't want to tell us it's already been rejected and why. But you just did tell me why. Constant Contact isn't remaking the update profile feature to fall in line with modern industry standards because it believes the system we are asking for makes the user profile data less secure. You told me you don't recommend I build it in the API unless I build it exactly as you have it already (a secure email). We, the community however, have been telling you for a decade that this current approach is LESS acceptable because you have sacrificed user autonomy and freedom to their accounts in the name of security. We are not looking for the security to ensure a user's account preferences aren't hacked at the cost of that users ability to manage their own lists, tags, and permissions. Instead, we as a community are asking for the freedom and transparency a user requires to do it themselves DESPITE this problem and that is how every other email provider has moved in the wake of GDPR. So to be frank, I don't think Constant Contact will EVER implement on this. Our request is not a technical problem, but a moral one based on values of your engineers. That is fine, but please tell us as such. It's an issue of CTCT valuing security of data over user preference and freedom. Simple as that. Now, more practically speaking: I appreciate you telling me how I should build the API. I don't think that it's worth the time I have spent already to build this so I'm putting this issue on the back burner until my business has the necessary cash to build it, but I think that instead of paying to have the API built and hosted, or learning how to do it, I will stick with CTCT only so long as it is financially a better idea to stay, and go with Maro Post or Active Campaign when I can afford them. Hopefully, when that time comes and I reassess, Constant Contact will have found a way to have its database security cake, and eat it too. Thank you Your response really was insanely helpful despite my aggravation. For forum users equally frustrated and looking for an answer, I hope this has shined a light on the issue that's been going on these forums since 2013.
... View more