Unclear on how to get access_token

SOLVED
Go to solution
FirstNameL86527
Campaign Expert
0 Votes

I'm fighting with the API trying to get authenticated.  I'm trying to get authenticated so my script can add new members to my contacts/lists each week (or on demand) from another application.  That means there is nobody Accepting or Denying whether to allow access - it should always allowed by this app. Likewise, I have no legit redirect URL, so I just use localhost.  I'm using Python and calling a GET to:

 

https://api.cc.email/v3/idfed?client_id=xxxxxxxxxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost&response_type=token&scope=account_read+account_update+contact_data

Once I've done this, I'm stuck.  I've read the documentation found in "Authentication Overview", but that doesn't clear up what to do in my case.  There is nobody available to click the Accept button as this is an automated process.

 

Once I have the response from the GET above, what steps are required to get an access_token?

 

TIA.

 

1 ACCEPTED SOLUTION
raleighb3
Marketing Legend
0 Votes

in your case, you are following the Client Flow.   so, the Access Token you want is embedded in the redirect uri ( after 'Allow' is clicked ).    as documented here:  https://v3.developer.constantcontact.com/api_guide/client_flow.html

 

but, i think perhaps you will want to use the Server Flow, which allows for refreshing access tokens via program code.  here:  https://v3.developer.constantcontact.com/api_guide/server_flow.html

i believe both Client and Server flows require hands on interaction for each account your app needs access to.   The difference is that the Client flow requires this at each session( well, the token is good for 2 hours? ).  The Server flow requires only the initial authorization, then you can refresh the token value(s) as need in code..   

Good luck.

View solution in original post

4 REPLIES 4
raleighb3
Marketing Legend
0 Votes

in your case, you are following the Client Flow.   so, the Access Token you want is embedded in the redirect uri ( after 'Allow' is clicked ).    as documented here:  https://v3.developer.constantcontact.com/api_guide/client_flow.html

 

but, i think perhaps you will want to use the Server Flow, which allows for refreshing access tokens via program code.  here:  https://v3.developer.constantcontact.com/api_guide/server_flow.html

i believe both Client and Server flows require hands on interaction for each account your app needs access to.   The difference is that the Client flow requires this at each session( well, the token is good for 2 hours? ).  The Server flow requires only the initial authorization, then you can refresh the token value(s) as need in code..   

Good luck.

FirstNameL86527
Campaign Expert
0 Votes

For clarification, if using the server method, I manually authorize once (ever) then simply renew the token using that code from then on in my batch upload code?

raleighb3
Marketing Legend
0 Votes

that is  correct.   the explanation of the Server Flow on the link above does a good job clarifying the entire process and requirements.       

FirstNameL86527
Campaign Expert
0 Votes

Thanks!  That did the trick.

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up