Regardless of who owns the account you must get permission to access it. In our v2 API you granted that permission when you generated the Access Token and then you hardcoded it in your application. The only difference is that our v2 API Access Tokens had a default expiration time of 10 years.
The underlying process in the v3 API of granting access to the account is still required; this time the Access Tokens have a shorted expiration time for security purposes.
If you go back to the v2 API and generate a new Access Token (or read through the oAuth docs) you will notice the step to login to the Constant Contact account and click Allow.
... View more