Has ANYONE found a workaround for the update profile problem?

RESCQUNET
Campaign Collaborator

I NEED a way for users to remove themselves from lists quickly and easily, and I need that way to be available via a link that google doesn't remove. I need to be able to add it to the body of an email.  This has been a feature request, not kidding, since I worked for Constant Contact back in 2013. 

I've tried SO MANY workarounds: 

  1. I tried sending myself an email and C/P'ing the link to update the profile in the email. This did not work because the URL recall is genuinely archaic.
  2. Then it was created a custom sign-up form that masqueraded as a profile update but this is not destructive - it just adds to lists.
  3. I built a landing page on my Wordpress site and used EmailOptIn to add and remove labels from a user. It ignored Mail Opt-ins negative requests.
  4. So I tried forcing CTCT to re-write a contact instead of editing one using Zapier. CTCT said that was a firm no-go on that try.
  5. Then I bit the bullet and spent days learning (failing) how the V3 CTCT API worked and I gotta say it's definitely beyond me. 

I DO NOT want to learn JSON scripting beyond Google Tag Manager, just to build a RUDIMENTARY and FUNDAMENTAL email service like allowing a user to add and remove their own profile accounts from lists, categories, and tags. The active campaign, Maro Post, and even AWeber all have this function. 

 

I like Constant Contact. I used to work for the company and have broadly positive opinions to this day, but this simple feature is almost always the linch-pin that sends me elsewhere. I don't want to pay 3 times more just for this functionality.  

Has ANYONE who actually knows how to interface with the V3 API solved this problem? Havey ou written a replacement workflow for the update profile list? If so, can you please share your code and solution for us?

Better, can the CTCT custom code team please respond with a tutorial blog, even if it's for developers as a case study use of your API? I can figure it out from there. I'm a smart cookie, I just don't know the JSON language.

I just can't believe I have to try re-writing your update profile system because you won't do it. 

In case you couldn't tell, I'm desperate here folks. Does ANYONE have a workaround for this?

3 REPLIES 3
Courtney_E
Employee
0 Votes

Hello RESCQUNET,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

I apologize for the difficulty that you’ve experienced in regards to finding a functionality similar to the “Update Profile” tool for use within the bodies of your emails, and can see the value in offering that type of feature. I know it can be frustrating to run into product limitations like that, especially when it’s in regards to meeting the needs of your clients/organization.

 

I have tracked the feature request “Ability to add Update Profile link in an email or website” with your account and have also added your feedback to the ticket to ensure visibility for our engineering team. While this feature request is still under review and consideration, it looks like there is no ETA on if/when this functionality will be considered for further development at this time.

 

 

While our team’s expertise is with our API itself as opposed to its implementation within any particular programming language, we are happy to answer any questions pertaining to Constant Contact’s API endpoints, functionality, and documentation.

 

Constant Contact doesn’t offer any services as far as assistance with building custom integrations, but if you are in need of hiring a developer, please feel free to view a list of some 3rd party developers available for hire via our Marketplace: https://marketplace.constantcontact.com/ServicesSearch?need=Software+Development

 

However, if you feel that this functionality is essential for your organization, your best option is going to be to build your own integration (or have a developer build it for you) using our V3 API, though you’d have to develop/host the application yourself. 

 

 

Based on your use case, you would want to develop a web application, which you would also need to host (and then could link to directly within your email bodies). While our API does use JSON payloads, you can make the actual requests to our API using whichever programming language you prefer.

 

Typically, we don’t recommend using a public-facing form/integration which is capable of allowing contacts to be removed from lists or unsubscribed because of the possibility that a 3rd party could potentially manage their permissions if the proper security measures aren’t taken.

 

For instance, if the website where you are hosting this functionality allows users to log into your website using secure credentials, the contacts’ identities would be verified during the secure login process. 

 

However, in the event that users do not use a secure login to access your website or you want a public-facing option, an extra step would be required where users can enter their email address to update their preferences (or it’s pre-populated via the link), and then have a verification email deployed to that address with a unique link that securely redirects to the update form (similar to how our Update Profile tool works).

 

This way you can ensure that unauthorized users are not able to access the form and tamper with other contacts subscriptions, and also ensure that the contact is permission-based to meet all applicable laws and regulations, as well as our terms of service.

 

In both instances, you’ll need the email address field pre-populated and non-editable. This ensures that unauthorized users are not able to tamper with other contact’s subscriptions, and also ensures that the contact is permission-based to meet all applicable laws and regulations, as well as our terms of service.

 

Constant Contact's email permission policy

https://knowledgebase.constantcontact.com/articles/KnowledgeBase/5305-constant-contact-s-email-permi...

 

Understanding implied and express permission for CASL and GDPR

https://knowledgebase.constantcontact.com/articles/KnowledgeBase/5924-implied-and-express-permission...

 

If you decide to move forward with building/programming your own application using our API, below is one example of some of the endpoints and methods you might use to build this type of application:

 

  • So, once a verified user/recipient is securely redirected to the page where you want them to be able to change their subscription, you’d want the process to start by running GET Contacts Collection using the email query parameter to search for a contact using a specific email address to get their existing contact info and Contact ID. 
  • To ensure security, your program should pre-populate the user’s email for this variable, rather than them entering it, and the contact should not be able to edit that field. Make sure to specify which contact sub-resources to include in the response. Use a comma to separate multiple sub-resources. Valid values: custom_fields, list_memberships, phone_numbers, street_addresses, notes, and taggings. We need to get all the contact data, because when we later use PUT to resubmit it, all existing values will be overwritten. This allows you to both add and remove list selections with a single call. https://v3.developer.constantcontact.com/api_reference/index.html#!/Contacts/getContacts

  • Next, if they are updating their list memberships, you’ll want those to appear as pre-populated selections depending on which lists they want to be added to or removed from, and you’ll want to also have their current list selections displayed. You can get the list IDs before setting up the form by using GET Lists Collection: https://v3.developer.constantcontact.com/api_reference/index.html#!/Contact_Lists/getLists

  • For submitting updated data, including new list memberships, or completely unsubscribing, you’ll make a PUT call to the Contacts endpoint. You’ll need to use the "permission_to_send" parameter if they want to unsubscribe fully, otherwise, you’ll just append the new data to the data we got from the GET call. When updating any resource using PUT, all properties are updated, overwriting all previous values. Any properties left blank or not included in the request are overwritten with null value - however this does not apply to contact subresources. Add or change any of the subresources by including them in the PUT request payload. Omitted subresources are not overwritten with null. If the contact being updated was previously deleted from the account, the contact will be revived: https://v3.developer.constantcontact.com/api_reference/index.html#!/Contacts/putContact

 

*If you are using Confirmed Opt-In with your account, the methods in this example may not work with all contacts. If you feel that this limitation applies to your account, please feel free to email us at webservices@constantcontact.com to discuss whether other endpoint options may be available based on how you use your account.

 

Please have a look and let us know if you have any other questions regarding Constant Contact’s API endpoints, functionality, or documentation. Otherwise, if you have additional questions but they do not fit our teams scope of support, we are happy to redirect you to the appropriate resource!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
RESCQUNET
Campaign Collaborator
0 Votes

Good lord that is a long way of telling me "you won't find a solution here, but here's my best go at it." 

 

In all seriousness, I have a few things I want to respond to, but first I want to say thank you for being so thorough and explaining your position on why the update profile system is the way that it is.  I appreciate your personal attempts at making the API solve the problem for me even if through a 3rd party, but I'm afraid this answer is not going to work for my needs.  I appreciate your personal attempt at it. From this point forward my reply is to Constant Contact - not your personal answer.

With that said...

Quote: ". While this feature request is still under review, there is no ETA on if/when this functionality will be considered. [...] We don’t recommend using a public-facing form/integration [...]  because of the possibility that a 3rd party could potentially manage their permissions [...]. An extra step would be required where users enter their email address and then have a verification email deployed to that address with a unique link [< how it is now]."

 

This set of quoted statements, when put together tells me one big thing.  My feature request DOESN'T matter. No ones feature request on this forum for a revised update profile process matters. This has been a problem for over a decade on these very forums. Telling us the feature request is being reviewed is frankly, untrue, because the decision was already made. CTCT had to pick between database security and user autonomy and they chose security. So please just tell us that. 

In reality, CTCT doesn't want to tell us it's already been rejected and why. But you just did tell me why.  Constant Contact isn't remaking the update profile feature to fall in line with modern industry standards because it believes the system we are asking for makes the user profile data less secure. You told me you don't recommend I build it in the API unless I build it exactly as you have it already (a secure email).

We, the community however, have been telling you for a decade that this current approach is LESS acceptable because you have sacrificed user autonomy and freedom to their accounts in the name of security. We are not looking for the security to ensure a user's account preferences aren't hacked at the cost of that users ability to manage their own lists, tags, and permissions. Instead, we as a community are asking for the freedom and transparency a user requires to do it themselves DESPITE this problem and that is how every other email provider has moved in the wake of GDPR. 

So to be frank, I don't think Constant Contact will EVER implement on this. Our request is not a technical problem, but a moral one based on values of your engineers.  That is fine, but please tell us as such. It's an issue of CTCT valuing security of data over user preference and freedom.  Simple as that.

Now, more practically speaking: 
I appreciate you telling me how I should build the API.  I don't think that it's worth the time I have spent already to build this so I'm putting this issue on the back burner until my business has the necessary cash to build it, but I think that instead of paying to have the API built and hosted, or learning how to do it, I will stick with CTCT only so long as it is financially a better idea to stay, and go with Maro Post or Active Campaign when I can afford them.  Hopefully, when that time comes and I reassess, Constant Contact will have found a way to have its database security cake, and eat it too. 

Thank you :smileyface: Your response really was insanely helpful despite my aggravation. 

For forum users equally frustrated and looking for an answer, I hope this has shined a light on the issue that's been going on these forums since 2013. 



Courtney_E
Employee
0 Votes

Hello RESCQUNET,

 

Thanks for your thoughtful reply and your detailed feedback.

 

I have submitted additional notes on the feature request ticket for “Ability to add Update Profile link in an email or website” which references this community thread in order to ensure that your feedback gets reviewed.

 

Please let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up