All API requests must be authenticated. The API supports several authentication protocols, as described in the Authentication Overview section. This page discusses Digest Authentication. The API responds to unauthenticated requests with a 401 Unauthorized HTTP status. The response will include a WWW-Authenticate header with a Digest Authentication challenge string. Typically, API developers will not need to implement Digest Authentication because most standard HTTP client libraries include Digest implementations. All the API developer needs to do is provide the proper Username and Password values, which are constructed as described below.
The API application key is used to identify the application making an API request. Developers should use a different key for each application they write. Developers should never disclose their API keys to anyone or place them in a web page where they can be seen with "View Source". If your key is compromised, notify Constant Contact immediately. Anyone with access to your key can impersonate your application, which could lead to that key being disabled.
The key itself is a UUID, an identifier provided to developers by Constant Contact on request, subject to Constant Contact terms and conditions.
To get an API key, provide your Constant Contact (*not your developer web site*) login credentials and follow the simple flow here.
The API key identifies the application making the request. API authentication is also used to verify that an application is allowed to perform the requested operation. The customer grants permission by providing his or her Username and Password to the application. Digest Authentication allows the application to prove that it has access to the customer's password without actually including it in the request.
The Constant Contact API Authentication uses standard HTTP Digest User Authentication as defined by RFC 2617. Digest authentication is implemented by most HTTP client libraries, including those in Java (java.net package or Apache HttpClient), JavaScript (XMLHttpRequest), .NET (System.Net HttpWebRequest and CredentialCache) and PHP (HTTP extension).
To send an authenticated request, you must build the credentials in the following way:

| Field | Value | Description |
|---|---|---|
| Username | {API Key}%{Username} | The API Application Key, followed by a '%' (percent sign character), followed by the customer's (not the developer's) Username |
| Password | {Password} | The customer's (not the developer's) Password |

For example, if the developer's API key is 7xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, the customer's Username is ctct_customer and the customer's Password is mypassword, then the request credentials would be:

| Field | Value |
|---|---|
| Username | 7xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx%ctct_customer |
| Password | mypassword |
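
What an HTTP client library does with these credentials under RFC 2617, shown as an added example (not Constant Contact code): it parses the challenge and sends a hash computed from the combined Username and the Password, so the password itself never appears in the request. The realm, nonce, opaque and URI values are constructed samples, and only the `algorithm=MD5` case with `qop=auth` or no qop is handled.

```python
import hashlib
import re
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_username(api_key, customer_username):
    # Rule from the table above: {API Key}%{Username}
    return f"{api_key}%{customer_username}"


def parse_challenge(header):
    """Split a WWW-Authenticate Digest challenge into its parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("expected a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def authorization_header(challenge, username, password, method, uri, cnonce=None, nc=1):
    """Build the Authorization header value answering the challenge."""
    c = parse_challenge(challenge)
    if c.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("this sketch only handles algorithm=MD5")
    ha1 = md5_hex(f"{username}:{c['realm']}:{password}")  # secret stays hashed
    ha2 = md5_hex(f"{method}:{uri}")
    fields = [("username", username), ("realm", c["realm"]),
              ("nonce", c["nonce"]), ("uri", uri)]
    extra = ""
    if "auth" in [q.strip() for q in c.get("qop", "").split(",")]:
        cnonce = cnonce or secrets.token_hex(8)
        nc_hex = f"{nc:08x}"
        response = md5_hex(f"{ha1}:{c['nonce']}:{nc_hex}:{cnonce}:auth:{ha2}")
        extra = f', qop=auth, nc={nc_hex}, cnonce="{cnonce}"'
    else:  # challenge without qop: RFC 2069 compatible form
        response = md5_hex(f"{ha1}:{c['nonce']}:{ha2}")
    fields.append(("response", response))
    if "opaque" in c:
        fields.append(("opaque", c["opaque"]))  # echoed back unchanged
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in fields) + extra


# Constructed challenge: realm, nonce, opaque and the URI below are sample values.
SAMPLE_CHALLENGE = 'Digest realm="api.example", qop="auth", nonce="3f1c9a7e5b2d4c60", opaque="a1b2c3"'
if __name__ == "__main__":
    user = build_username("7xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "ctct_customer")
    print(authorization_header(SAMPLE_CHALLENGE, user, "mypassword", "GET", "/example/resource"))
```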