Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Constant Contact wants to help you succeed! We’re celebrating our professional service programs on the Constant Contact Community this month and you have a chance to try one of the services for free! Learn more.
TL;DR: Add HTTP Basic Authentication or something similar to the API v3. As discussed in another topic and as I'm sure many more people will encounter when switching to API v3, the way they used to the API won't work. The problem is in the authentication method. OAuth is made so that it works for approaches like the Wordpress plugin where a third party provides a tool or is a middle man to manage other people's contacts/subscriptions on CTCT. This comes short in scenarios that concern only one account. Imagine a website which primary focus is for example a game, yet they use CTCT to send e-mail newsletters to their users. They also have multiple newsletters (a general newsletter and a developer's newsletter) which they want to offer their users to subscribe to. The inline form makes no sense to them since users have already provided them their emails. The API with OAuth makes no sense either as they are not managing other user's account. They are only concerned with making a simple form in their settings where they would allow their users to select which newsletters they want to subscribe to and then send that contact and subscription information to CTCT to update their contacts. Bonus being that they could also retrieve subscription information for each user so that they can show them actual subscriptions in case a user unsubscribed via e-mail and not through their web page. HTTP Basic Authentication offers one option to make this possible (obviously only over HTTPS). The goal is to make an authentication method that identifies the account holder and then allows to make API calls to their account only. Another option could be a new form where the contact's id/email would be provided and it would display their subscription status, but that would not satisfy more complex use cases (ie. automated systems). Thank you for your consideration!
... View more
Thank you @Jimmy_D, That was what I thought. I think what would be appreciated would be addition of HTTP Basic Authentication (or something like that) so that users can access only their own account. This would be useful for scenarios where the project is only concerned about managing one (their own) account on their own platforms. Maybe something similar to Mailgung approach, but in case of CTCT it would mainly concern managing contacts and their mailing list subscriptions. I'll add this as a API enhancement request. Once again thank you for your answer.
... View more
I have been trying to figure out something similar for about a day. In my case I want to integrate newsletter subscriptions (newsletters from me) for users of my application where they can manage subscriptions (multiple mailing lists) from my app settings, my app would then take their preferences and manage that on my CTCT account via the API. The problem is that there is no room for OAuth for the users, it doesn't make any sense either. With v3 it is obvious that v2 allowed for two use cases. In v2 you could generate access token and leave that in the system settings and have access to the one account you wanted to manage. This probably wasn't how the API was intended to use, but this hack worked. The second use case, which is the only one that v3 allows, is that you use an app through which you can interact with you CTCT account. This is perfect for most scenarios where there is a personal interaction, like setting up a plugin for Wordpress. This is lacking for automated systems like mines where I need to setup some initial button in administration to click to trigger the OAuth flow to get the needed credential (not to mention building the entire OAuth flow and management just for this) instead of simply calling the API with my username & password for authentication. That is my take on this. Please correct me if I'm wrong and/or missed something.
... View more