Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.
The V3 API uses both an Access Token and a Refresh Token, rather than a long lasting token like the V2 API uses. Using access tokens with a limited lifespan decreases the risk and impact of compromised credentials. V3 still makes use of Authorization Bearer for the Access Token, but you will also need to use the Refresh Token to obtain a new Access Token when the existing one expires.
When going through the OAuth2.0 Server Flow for the V3 API, you should only need to use the Authorization Request URL once, and then after that you can exchange the Authorization Code for an Access Token and a Refresh Token which can be used to authenticate from that point forward.
OAuth2.0 Server Flow for the V3 API https://v3.developer.constantcontact.com/api_guide/server_flow.html
More about V3 Tokens https://developer.constantcontact.com/api_guide/auth_overview.html#tokens
... View more
