Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
An app developed using our API can be used by any Constant Contact account holder, if the developer chooses to share their app. In our documentation, when the term "user" is used in the OAuth description, this is referring to the Constant Contact account holder who is authorizing the app to access their Constant Contact account.
In the example you provided of the sign-up form on your company’s website, you would be both the developer and the user of the application. Your website visitors who are signing up through your form wouldn’t directly be “users” of the app, they would simply be providing the data (by filling out the form), which the app would then send to Constant Contact.
Our V2 API does also require the use of OAuth, and using an access token to authorize requests. The difference between the API versions has to do with token lifetime. Our V2 API grants tokens with a 10 year lifetime and does not include the ability to refresh these tokens when they expire. In keeping with evolving security practices, our V3 API grants access tokens with a shorter lifetime, which can be refreshed. I hope this helps to clarify some of your concerns.
Please let us know if you have any other questions!
... View more