In order for an application to access the Constant Contact API, it needs to have a valid access token. The token is generated when a Constant Contact customer grants the application access to their account. An access token is currently valid for a period of 10 years, and the application needs to use it for each API call to the user's Constant Contact resources.
If your app will access only one Constant Contact account, and is not meant to be used by other Constant Contact account owners, it's easy to generate an access token on our I/O Docs page. You should not need to create an OAuth 2.0 authentication flow.
The Constant Contact API v2 uses OAuth 2.0 to authenticate and authorize applications. OAuth 2.0 is a relatively simple protocol that you can use to easily integrate with Constant Contact's OAuth 2.0 endpoints.
In simplest terms, you register your application with Constant Contact, parse a token from an HTTP response, and send the token to the Constant Contact API you wish to access. OAuth 2.0 lets a user authorize your application to access their private Constant Contact resources without having to share their login credentials with your application.
If you've already built integrations with us using older authentication methods, you can migrate your apps to use OAuth 2.0. We have two migration endpoints to use, depending on whether you are migrating from basic or OAuth 1.0a authentication.
If the app you're developing is intended to be used by many Constant Contact account owners, you will need to build an OAuth 2.0 authentication flow into your app. Depending on the type of app you're building (Web app, mobile app, other) you will use either the Server Authentication or the Client Authentication flow. The available wrapper libraries have OAuth 2.0 flow functionality you can use to speed up your development.
Click here to view examples making API calls using the access_token.
NOTE: For developers who have v1 API keys, you need to create new v2 API keys to use the new APIs. If you have generated OAuth 2.0 tokens for your users using a v1 API key, those tokens will continue to work with the v2 API keys required for the current APIs.
The OAuth 2.0 flows require the following, which you can find in your Constant Contact Developer account after you have registered an application:
To register an application, do the following:
The redirect URI, client id, and consumer secret are used to authenticate the application with Constant Contact. Once the app is authenticated, and the Constant Contact user grants access to their account, the app receives an access_token to use when making API calls to that user's account resources.
Constant Contact API v2 supports the Server (authorization code) and Client (implicit grant) OAuth 2.0 authentication flows. Use the client flow if your app will store the user’s access token on their device, like their smartphone or tablet. Use the server flow when the access token will be stored in the application's database.
NOTE: The v2 API does not support the ‘scope’ parameter referenced in the OAuth 2.0 specification.
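The server flow described above, sketched as an added example (not Constant Contact's own code or one of its wrapper libraries): it builds the authorization request without a scope parameter, checks the callback before accepting the code, and parses the token from the response. The endpoint URL, client id and redirect URI are placeholders, and it assumes the authorization endpoint returns the standard OAuth 2.0 state parameter and that the token response is JSON with an access_token field.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: the page does not list the endpoint URL or any app settings.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.invalid/oauth/callback"


def build_authorize_url(session):
    """Start the server flow and bind a random state value to the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",  # authorization code (server) flow
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oauth_state"],  # assumed to be echoed back
        # no "scope" entry: the v2 API does not support it
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Return the authorization code, or raise if the callback is not ours."""
    expected = session.pop("oauth_state", None)  # single use, blocks replays
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization denied: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(state.encode(), expected.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicated code")
    return codes[0]


def parse_token_response(body):
    """Extract access_token from the JSON body of the token exchange."""
    data = json.loads(body)
    token = data.get("access_token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in response")
    return token
```

Because the access token stays valid for years, the value returned by parse_token_response should be stored encrypted and kept out of logs and URLs.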