About DamonM84

I just went through something similar and found that the email only sends for brand new contact. If the contact had been added and then deleted, the email wouldn't send (I tested a lot with the same email address). The other thing is to ensure that Confirmed Opt-in is turned on under your account settings.   I don't know if either of these fit your case but I figured I'd pass them along. ... View more

Just to follow-up and hopefully save someone else some time: (1.) In my testing, yes, those other methods of redirecting work too. It doesn't appear that the redirect must be 302. You are basically just passing control back to your program, which is independent of the API. (2.) Getting the redirect to pass-thru without issue took me a lot of trial/error and forum searches. In the end, I found this answer to be yes - you can attach additional query parameters. One potential "gotcha" to be careful about is if you're creating the CtctOAuth2 object in different places inside your code (eg, you create your authentication link in a different module than your callback hooks). Be certain that the value you're passing for the third parameter ($redirectUri) is the same everywhere. For my WordPress implementation, I make use of the admin_post_(action) hook. This allows me to create my OAuth object like this: $redirect = urlencode( admin_url( 'admin-post.php?action=app_ctctauth' ) ); $oauth_url = ( APP_CTCT_OAUTH_URL . '?redirect=' . $redirect ); $oauth = new \Ctct\Auth\CtctOAuth2( APP_CTCT_API_KEY, APP_CTCT_SECRET, $oauth_url ); and then receive the redirect like this:   function app_process_ctctauth() { // Exchange $_GET['code'] for access token } add_action( 'admin_post_app_ctctauth', 'app_process_ctctauth' );     ... View more

Hi Elijah,   I have a few follow-up questions.   First, just to be certain I'm understanding correctly - my software must use the redirect uri I registered with my Application to merely forward incoming requests back to the uri of my customer's installation. A 'code' query parameter will be present with the redirect, that I will then use the API to exchange for an access token.   Assuming I'm on the right track, let's say I create a PHP script at http://www.integration.com/ctctredirect/. The script could look like this:     if ( isset( $_REQUEST['redirect'] ) && isset( $_SERVER['QUERY_STRING'] ) ) { header( "Location:" . $_REQUEST['redirect'] . "?" . $_SERVER['QUERY_STRING'] ); exit; }     This leads to my questions:   (1.) Must this be a 302 redirect or if necessary, would a meta refresh or javascript redirect also be compatible with the Ctct API?   (2.) The $_REQUEST['redirect'] variable will contain the entire, urlencoded value I pass during creation of the CtctOAuth2 object, right? I ask because the redirect uri I register with my Application accepts no query parameters. So, if I need additional query parameters, can they be passed to the OAuth2 object and in turn, Ctct will pass them back along to my PHP redirect script?   (3.) If the above is all correct, then I wonder if this PHP script I must use is creating an 'open redirect' security vulnerability for phising attacks, etc. I presume I could check the http_referer inside my script but I've read it's easy to spoof and not entirely reliable across all browsers. Do you guys have a best practice you recommend to your developers?   Thanks again for helping me through this!   Damon ... View more

Hi Elijah,   Thanks so much for the references and the explanation! I will take a closer look at the plugin and play around with your recommendation of the redirect script. Thanks again for the quick and thorough response! emoticon.smileyface.title   Damon ... View more

Hi Elijah, Thanks for looking into that and the insight. Do you have a simple, PHP example that demonstrates the OAuth 2 process (in particular, getting an access token) with your API? My software is a Wordpress plugin and I'm trying to support as many autoresponders as possible for my customers. I can integrate easily with other companies (GetResponse, MailChimp, etc) using just a generated API key. With Constant Contact, however, I am burning a lot of time trying to get something to work and hate the idea of forgoing support for it. Any examples or recommendations for sample Wordpress plugins is greatly appreciated. I have seen some moderators recommend this plugin, Unfortunately, it's quite short of being a simple example and as other report, it also just crashes upon running.   Thanks again for the help,   Damon ... View more