Hi,   I received a phone call from someone claiming to be from Constant Contact stating that there are required changes to implement for developers who integrate their applications with CC that are using the API 3.0.   They said they would follow up with an email outlining what changes needed to be made.  They seemed to know quite a bit about our product.   Is this legit?  And if so would you please point me to a link on your web site that discusses the changes that need to be made?   Thanks, Chris Campbell ... View more

Hello,   #SoapBox ON   I've seen many posts from people attempting to perform oAuth 2.0 using non web enabled applications, such as C# and VB.Net.  It's extremely disappointing to read on your website your position that you've chosen to abandon these users by not providing any sdk’s or really, any relevant support whatsoever, to people writing non-web enabled apps.     From my standpoint I've found a solution to the whole oAuth 2.0/non-web enabled app quandary.  It cost me some coin in having to purchase a 3rd party web control (the one in Visual Studio doesn't work) that could be placed on a form and have the oAuth code returned and captured in a received headers event, but at least it's a solution.  (i.e. Essential Objects eo.webbrowser)    I'm obviously new to your 3.0 API (we are upgrading from your V1.0 API) so I know there is a learning curve to climb.  This climb is complicated by the vagueness of some of your terminology.  For example, you refer to an “Access code” interchangeably between what is really the “oAuth2 Token” and the “Access Token” that gets returned with the “Refresh Token”.  (All these tokens, reminds me of the 70’s)  Since most of the snippets in your replies lack any sort of context, it’s difficult to know exactly what is what.   It would be awesome if you had a functioning sample application, in VB or C# available for us mere mortals.   #SoapBox OFF   I’ve been successful in obtaining the oAuth2 Token.  Once obtained I’m able to successfully obtain both an Access Token and a Refresh Token (returned from the same call).    (Here is the code to obtain the Access Token and the Refresh Token in case anyone is interested.  I stole most of this from somewhere) Imports RestSharp ‘ // Obtained through NuGet Imports Newtonsoft.Json ‘ // Obtained through NuGet Private Function CC_API3_GetAuthorizationToken() As Boolean Dim sBase64cred As String Dim client = New RestSharp.RestClient("https://idfed.constantcontact.com/as/token.oauth2?code=" & gstrOAuth2_Token & "&redirect_uri=" & cLocalHost & "&grant_type=authorization_code") Dim request = New RestRequest(Method.POST) Dim credentials As String = consumerKey & ":" & consumerSecret Dim plain As Byte() = System.Text.Encoding.UTF8.GetBytes(credentials) Dim response As IRestResponse sBase64cred = Convert.ToBase64String(plain) Dim base64auth = "Basic " & sBase64cred request.AddHeader("authorization", base64auth) Try response = client.Execute(request) Dim jsonResulttodict = JsonConvert.DeserializeObject(Of Dictionary(Of String, Object))(response.Content.ToString) gstrAccess_Token = jsonResulttodict.Item("access_token") gstrRefresh_Token = jsonResulttodict.Item("refresh_token") CC_API3_GetAuthorizationToken = True Catch ex As Exception CC_API3_GetAuthorizationToken = False MsgBox(ex.Message) End Try End Function This is what I’ve returned    {"access_token":"xxxxqHDToiD5iztXVsXUqjxLxxxx","refresh_token":"xxxxKTqbfVISVsKI42ioJHRe2wECQhtvl3A7XSxxxx","token_type":"Bearer"}   The problem I am now running into now is that the “Access Token” doesn’t seem to work when making requests, such as downloading a list of email lists.  I’ve received two different errors depending on which “Token” I’m using.  “Request forbidden due to insufficient authorization scopes” or just “Unauthorized”   Here is the code for that: (Also mostly stolen from bits and pieces of other posts) Private Sub CC_API3_GetListOfLists() Dim client = New RestSharp.RestClient(https://api.cc.email/v3/contact_lists?include_count=false) Dim request = New RestRequest(Method.GET) Dim plain As Byte() = System.Text.Encoding.UTF8.GetBytes(gstrAccess_Token) Dim sBase64cred As String = Convert.ToBase64String(plain) Dim b64_Auth = "Bearer " & sBase64cred Try request.AddHeader("content-type", "application/json") request.AddHeader("cache-control", "no-cache") request.AddHeader("accept", "application/json") request.AddHeader("authorization", b64_Auth) Dim response As IRestResponse = client.Execute(request) Dim jsonResulttodict = JsonConvert.DeserializeObject(Of Dictionary(Of String, Object))(response.Content.ToString) Catch ex As Exception MsgBox(ex.Message) End Try End Sub   My Scenario:    I’m using my “Partner” CC account.  I’m using my application’s consumer key and consumer secret key, created just for this application. I’ve signed into CC using my “Partner” CC login name and password via the oAuth2 method described above to obtain my oAuth2 Token.   Questions: Am I missing any steps in the whole “get a valid token/authorization” process?   When making a request to interact with data in CC, which “Token” should I be using?  It seems obvious that I should be using the "Access Token" but I've read conflicting post entries. Does whichever token I’m supposed to be using need to be encoded to base64 as I’m doing in the above example prior to being added to the header, or should it be plain text? Am I including or omitting anything in the header definition that would cause the “Unauthorized” response? What other things can I be looking at?   Thank you. Chris Campbell        ... View more

Hello.  I'm attempting to issue an Authorization Request and am receiving Internal error 500: (I've x'ed out sensitive information)   Here is the request information:   {System.Net.HttpWebRequest} Accept: "application/json" Address: {https://api.cc.email/v3/idfed?client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%3A8888&response_type=code} AllowAutoRedirect: True AllowReadStreamBuffering: False AllowWriteStreamBuffering: True AuthenticationLevel: MutualAuthRequested {1} AutomaticDecompression: None {0} CachePolicy: {Level:BypassCache} ClientCertificates: {System.Security.Cryptography.X509Certificates.X509CertificateCollection} Connection: Nothing ConnectionGroupName: Nothing ContentLength: -1 ContentType: "application/x-www-form-urlencoded" ContinueDelegate: Nothing ContinueTimeout: 350 CookieContainer: Nothing CreatorInstance: {System.Net.WebRequest.DesignerWebRequestCreate} Credentials: Nothing [Date]: #1/1/0001 12:00:00 AM# Expect: Nothing HaveResponse: False Headers: {Accept: application/json Content-Type: application/x-www-form-urlencoded Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx } Host: "api.cc.email" IfModifiedSince: #1/1/0001 12:00:00 AM# ImpersonationLevel: Delegation {4} KeepAlive: True MaximumAutomaticRedirections: 50 MaximumResponseHeadersLength: 64 MediaType: Nothing Method: "POST" Pipelined: True PreAuthenticate: False ProtocolVersion: {1.1} Proxy: {System.Net.WebRequest.WebProxyWrapper} ReadWriteTimeout: 300000 Referer: Nothing RequestUri: {https://api.cc.email/v3/idfed?client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%3A8888&response_type=code} SendChunked: False ServerCertificateValidationCallback: Nothing ServicePoint: {System.Net.ServicePoint} SupportsCookieContainer: True Timeout: 100000 TransferEncoding: Nothing UnsafeAuthenticatedConnectionSharing: False UseDefaultCredentials: False UserAgent: Nothing   Any help would be appreciated.   Thanks.   Chris  ... View more

Hello David and team at CC.  It's been a while.   We are currently wanting to upgrade our CC integration in our product from API V1.0 to API V3.0.  In reviewing the requirements, it appears many things have changed.     To review, our product is a desktop app written in vs.net that gets installed at our customer's location.   First, it appears that they (our customers) will no longer use their CC login name and password to access to their data.  Rather each customer would have to generate and input their own specific api key and secret key.  Is this correct?   Second, it appears that requests and responses formatted in Xml are no longer supported.  Is this correct?   Thanks.     ... View more