Authentication

In order for an application to access the Constant Contact API, it needs to have a valid access token. The token is generated when a Constant Contact customer grants the application access to their account. An access token is currently valid for a period of 10 years, and the application needs to use it for each API call to the user's Constant Contact resources.

Access Tokens and Single User Integrations

If your app will access only one Constant Contact account, and is not meant to be used by other Constant Contact account owners, it's easy to generate an access token on our I/O Docs page. You should not need to create an OAuth 2.0 authentication flow. 

Using OAuth 2.0 to Access Constant Contact APIs

The Constant Contact API v2 uses OAuth 2.0 to authenticate and authorize applications. OAuth 2.0 is a relatively simple protocol that you can use to easily integrate with Constant Contact's OAuth 2.0 endpoints.

In simplest terms, you register your application with Constant Contact, parse a token from an HTTP response, and send the token to the Constant Contact API you wish to access. OAuth 2.0 lets a user authorize your application to access their private Constant Contact resources without having to share their login credentials with your application.

Migrating to OAuth 2.0 Authentication

If you've already built integrations with us using older authentication methods, you can migrate your apps to use OAuth 2.0. We have two migration endpoints to use, depending on whether you are migrating from basic or OAuth 1.0a authentication.

OAuth 2.0 Flows, Access Tokens, and Multi-user Integrations

If the app you're developing is intended to be used by many Constant Contact account owners, you will need to build an OAuth 2.0 authentication flow into your app. Depending on the type of app you're building (Web app, mobile app, other), you will use either the Server Authentication or the Client Authentication flow. The available wrapper libraries have OAuth 2.0 flow functionality you can use to speed up your development.

Click here to view examples making API calls using the access_token. 

OAuth 2.0 - Before you start

NOTE: For developers who have v1 API keys, you need to create new v2 API keys to use the new APIs. If you have generated OAuth 2.0 tokens for your users using a v1 API key, those tokens will continue to work with the v2 API keys required for the current APIs.

The OAuth 2.0 flows require the following, which you can find in your Constant Contact Developer account after you have registered an application:

  1. API key
  2. redirect_uri - this is set to http://localhost when registering the application; you can modify it once the app is registered.
  3. client_secret

To register an application, do the following:

  1. Create a Constant Contact developer account if you do not already have one.
  2. Register your application. 

The redirect URI, client id, and consumer secret are used to authenticate the application with Constant Contact.  Once the app is authenticated, and the Constant Contact user grants access to their account, the app receives an access_token to use when making API calls to that user's account resources.

Constant Contact API v2 supports the Server (authorization code) and Client (implicit grant) OAuth 2.0 authentication flows. Use the client flow if your app will store the user’s access token on their device, like their smartphone or tablet. Use the server flow when the access token will be stored in the application's database.

NOTE: The v2 API does not support the ‘scope’ parameter referenced in the OAuth 2.0 specification.
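
An added example (not Constant Contact's code) of how the two flows differ at the redirect step, using the standard OAuth 2.0 (RFC 6749) parameter names. The authorization endpoint, API key and sample redirect URLs are constructed placeholders; the real endpoint is given in the Server flow and Client flow instructions.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions): take the real endpoint from the flow
# instructions and the real values from your developer account.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"
API_KEY = "EXAMPLE_API_KEY"        # the API key is sent as client_id
REDIRECT_URI = "http://localhost"  # must match the registered redirect_uri


def authorization_url(flow):
    """Build the authorization request for the 'server' or 'client' flow."""
    response_type = {"server": "code", "client": "token"}[flow]
    params = {
        "response_type": response_type,
        "client_id": API_KEY,
        "redirect_uri": REDIRECT_URI,
        # No 'scope' entry: the v2 API does not support that parameter.
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def parse_redirect(flow, url):
    """Return the code (server flow) or access_token (client flow)."""
    got, want = urlsplit(url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path.rstrip("/")) != (
            want.scheme, want.netloc, want.path.rstrip("/")):
        raise ValueError("redirect does not match the registered redirect_uri")
    # The server flow answers in the query string, the client flow in the
    # URL fragment (which the browser never sends to a server).
    raw = got.query if flow == "server" else got.fragment
    fields = {k: v[0] for k, v in parse_qs(raw).items()}
    if "error" in fields:  # e.g. the user declined to grant access
        raise PermissionError(fields["error"])
    key = "code" if flow == "server" else "access_token"
    if key not in fields:
        raise ValueError("redirect carries no " + key)
    return fields[key]
```

Because an access token stays valid for 10 years, treat the value returned for the client flow, and the token the server flow later exchanges its code for, as a long-lived secret and keep it out of logs and browser history.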

Continue on to either the Server flow or the Client flow for detailed step-by-step instructions.