Use this endpoint to migrate users of your application from basic authentication to OAuth 2.0 authentication to access either the v1 or v2 Constant Contact API.
Click a method to view its documentation
This API allows you to, transparent to the end user, migrate your users with OAuth 1.0a authentication to the OAuth 2.0 authentication flow.
This is the work flow you need to follow in planning your migration to OAuth 2.0.
You need to include the following when making a call to the migration endpoint to receive a new OAuth 2.0 access token:
If you are not using an application framework such as Spring and it's related library functions, you will need to generate the following OAuth 1.0a Authentication parameters required to make a POST call to the migration endpoint:
See RFC 5849 for OAuth 1.0a details, and RFC 6749 for OAuth 2.0.
You can migrate users who meet the following criteria:
You need to create a Mashery account if you don't have one, and register your client/application. Go here for details.
No, if your client has a Mashery API key and has only been used with OAuth 1.0a authentication, you do not need to a new API key for OAuth 2.0 authentication.
Yes, you should migrate because OAuth 2.0 authentication is an industry-standard method that is more secure than OAuth 1.0a.
The request payload must be url encoded; set Content-Type to application/x-www-form-urlencoded, and Accept to application/json.
POST https://oauth2.constantcontact.com/oauth2/oauth1migration
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Authorization: OAuth
oauth_consumer_key="dpf43f3p2l4k3l03",
oauth_token="nnch734d00sl2jdk",
oauth_signature_method="HMAC-SHA1",
oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D",
oauth_timestamp="1191242096",
oauth_nonce="kllo9940pd9333jh",
oauth_version="1.0"
new_client_id=<new_mashery_api_key>&new_client_secret=new_mashery_api_key_secret
If successfully migrated, we will redirect to the 'Redirect URI' in the DB and append the access_token,token_type and the expiration:
https://example.com/?access_token=f8e20fed-75cf-4f66-9672-63ef67763363&token_type=Bearer&expires_in=306109992
According to the standard Oauth 2.0 flow, you'll find the access_token required for API access in the Location header of the 302 redirect response returned from the POST request to the Migration API.
ResponseHTTP/1.1 302 Moved Temporarily
Date: Thu, 31 Oct 2013 15:37:17 GMT
Server: Apache
X-Powered-By:
Set-Cookie: p2_sso_cid=l1-sso2; Path=/; domain=.l1.constantcontact.com; Secure; HttpOnly
Location: http://localhost.com?access_token=12fcf96c-b7ca-4fca-b3d6-1cf4e2dfdd03&token_type=Bearer&expires_in=315359999
Content-Language: en-US
Content-Length: 0
Vary: Accept-Encoding,User-Agent
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Pragma: no-cache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: BIGipServerL1_OAUTH2=2556957706.20480.0000; path=/
Any error messages are returned in a JSON formatted array:
[
{
"error_key": "error_key",
"error_message": "message"
}
]
This API allows you to migrate your users with basic authentication to the OAuth 2.0 authentication flow in a manner that is transparent to the user.
This is the work flow you need to follow in planning your migration to OAuth 2.0.
You will need the following for each user migration that you want to perform:
You can migrate users who meet the following criteria:
You need to create a Mashery account if you don't have one, and register your client/application. Go here for details.
Yes, you should migrate because OAuth2 authentication is an industry-standard method that is more secure than basic authentication. If your client has a Mashery API key and has only been used with basic authentication, you do not need to get a new Mashery API key.
The request payload needs to be url encoded; set the header Content-Type to application/x-www-form-urlencoded. The API processes this information using the OAuth2 flow described here.
Post https://oauth2.constantcontact.com/oauth2/basicmigration
Accept: application/json
content-type: application/x-www-form-urlencoded
old_client_id=d25ea2377ba6418c817aff50& old_client_secret=10F6F3398A5685DA49A41C20FB8E8D66& user_name=Websd3378af3-1dda-420131031113713926& user_password=123456&new_client_id=d25ea2377ba6418c817aff50 &new_client_secret=10F6F3398A49A41C20FB8E8D66
Any error messages are returned in JSON format. According to the standard Oauth 2.0 flow, you'll find the access_token required for API access in the Location header of the 302 redirect response returned from the POST request to the Migration API.
ResponseHTTP/1.1 302 Moved Temporarily
Date: Thu, 31 Oct 2013 15:37:17 GMT
Server: Apache
X-Powered-By:
Set-Cookie: p2_sso_cid=l1-sso2; Path=/; domain=.constantcontact.com; Secure; HttpOnly
Location: http://localhost.com?access_token=12fcf96c-b7ca-4fca-b3d6-1cf4e2dfdd03&token_type=Bearer&expires_in=315359999
Content-Language: en-US
Content-Length: 0
Vary: Accept-Encoding,User-Agent
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Pragma: no-cache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: BIGipServerL1_OAUTH2=2556957706.20480.0000; path=/
code |
description |
---|---|
302 |
Migration was successful, new access token was issued |
400 |
Bad Request; either the request was malformed, the new_client_id is not a Mashery API key, or the redirect_uri was invalid |
401 |
Authentication failure; either the client or the user cannot be authenticated |
403 |
Forbidden; the client or the user do not meet the migration requirements |
406 |
Unsupported accept header value, must application/json |
415 |
Unsupported content-type in header, must be application/x-www-form-urlencoded |
500 |
Internal server error |