How to make simple API call to post an email?


I've scanned through the v3 API docs a number of times but the authentication flows don't really seem to fit my very simple use case. The docs reference a "redirect URI" and "granting access to an application", but in this case I am the user / application and I just want to insert an email into Constant Contact via API call.


I have an email (received via form on my site) and I simply want to make a POST request to add this email to constant contact.


I have my API key and a secret, so can anyone tell me (or better yet, post a code snippet) the way to format an HTTP call to post an email? The part I seem to be stuck on is generating the access token.


Can I generate an access token once to be used at my server to authenticate calls to the CC API?


Thank you.


Hello @ericg5327,


Thank you for reaching out to Constant Contact's API Support.


You mention that you are stuck on generating the Access Token. When using our v3 API you do need to go through the oAuth flow, either client or server, to generate an Access Token. Even if you are the user this process is still required. The Access Token is what identifies which Constant Contact account you want to send data to and receive data from.


Once you have established that portion of your program you can then create your email. You can see a code sample of a POST on this page.

Jimmy D.
Tier II API Support Engineer
Regular Participant

I am looking to do the same thing.  The link you gave on how to setup authorization is very ambiguous.  For example, I am going through the client route (request to the API will be coming from JS).  The page says I need to send an authorization request, but where do you send this request to?  There is no URL referenced.  Also, when you try Googling anything related to Constant Contact's API, you get a bunch of links that reference the V2 build.

Regular Participant

This is what my current request looks like with jQuery's ajax() method:


type: 'POST',
url: '',
beforeSend: function(request) {
request.setRequestHeader('Authorization', 'Bearer {access_token}');
request.setRequestHeader('Postman-Token', 'akdslfjasf-adfkdf-42d-924-e9843168744');
request.setRequestHeader('Content-Type', 'application/json');
request.setRequestHeader('Accept', '*/*');
request.setRequestHeader('cache-control', 'no-cache');
data: {
email_address: {
address: ''


For the headers, I copied what was listed in the example at


For the "Postman-Token" header, I am using the "API Key" value associated with my registered app.  From the sounds of it, it seems this isn't enough.  I need to first hit an authorization server which should then return another token, but the article you linked to doesn't provide enough info on how to do this.



There doesn't need to actually be any Postman token in your calls. For details on our server flow, see:


The short description is that to connect an app, you first will direct them to an authorization URL. This will take the user to a Constant Contact login page. After they log in, they are asked to allow your app access. After clicking allow, they are then redirected to your Redirect URI, with a code appended in a query parameter. Then you need to make a POST call passing along that code in order to get an Access Token and a Refresh Token.


Access Tokens have a limited timeframe they can be used, but when they expire you can use the Refresh token to get a new access token and refresh token to keep making calls.


The other thing I'll mention is that our API is looking for a JSON string of the body content. You may need to use something like JSON.stringify() on your data before submitting the request.


Please let us know if you have any other questions!



David B.
Tier II API Support Engineer

Regular Participant

David, the crux of the original post and my post was that we're not working with users who are Constant Contact customers.  We have an input on our site that takes an e-mail and we want to add that e-mail to our account's contacts.  


Nowhere in this flow will anyone log into Constant Contact and then grant our app access to their account.  I am not sure how you got back to this thread with the OAuth description that's posted on the docs after the previous posts.


I am able to get the flow I described working, but it requires me to manually log into my Constant Contact account every 2 hours (tokens last for 2 hours) to get a new token and then use that in my call.  Is there a way to get a permanent token so I don't have to do this?  Is there an engineer from the dev team that can explain how you guys have designed the system to handle this use case?


This is a very straightforward process if we're using one of the competitor services to Constant Contact.  Why is it so difficult with Constant Contact?

Hi @DonnaH072,


The reason our oAuth was designed this way is for security reasons. If an Access Token is compromised it will expire in a relatively short amount of time so the potential "damage" that can be caused is minimal.


You are very close to using the oAuth flow how we intended it to work. You are manually getting a new Access Token every two hours. We actually intended for the Allow button to be clicked once, generate the first set of Access/Refresh Tokens, then store those tokens to be used.


When the Access Token expires (between two hours and twenty-four hours later) then you use the Refresh Token to generate a new Access/Refresh Token set, delete the old set and save this new set. This is the Step 5 in the server oAuth flow.

Jimmy D.
Tier II API Support Engineer
Developer Portal

View API documentation, code samples, get your API key.

Visit Page


API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up