Authentication
While the Constant Contact REST API currently supports several authentication models, including Basic, OAuth 1.0a, and OAuth 2.0, as of Summer 2012 we request that developers use the OAuth 2.0 authentication model. We will be announcing the end of support for Basic Authentication soon, and we strongly encourage developers to begin switching to OAuth 2.0 as soon as possible. Both the Server and Client flows from the OAuth 2.0 spec are now supported, so developers can choose the best approach for their application.
- USERNAME - The Constant Contact user name you are looking to access resources for
- APIKEY - The Constant Contact API key for your application
- PASSWORD - (BASIC AUTH ONLY) The Constant Contact password of the user name you provided
- CONSUMERSECRET - (OAUTH ONLY) The consumer secret for your application
## OAuth 2.0 Authentication (Recommended)

```php
<?php
include_once('ConstantContact.php');
$ConstantContact = new ConstantContact('oauth2', "APIKEY", "USERNAME", "CONSUMERSECRET");
?>
```

OAuth 2.0 is the preferred authentication strategy and is the current default strategy employed in this PHP Wrapper Library. The index.php script checks for valid, current authentication credentials. If they do not exist, it offers some instructions and redirects the web browser to a Constant Contact login page, where the user logs in and authorizes access to their Constant Contact account. The client is then redirected to the redirect_uri, which must also be included (verbatim) in your application's API Key settings, where it can be edited. The redirect_uri is specified in the API Key settings and must match in order to prevent certain types of redirect exploits that would be possible with such a simple authentication strategy if redirect_uri were allowed to be specified arbitrarily during the authentication flow.
```php
<?php
require_once('ConstantContact.php');
require_once('config.php');
session_start();

// Instantiate a new OAuth2 object by passing in all the necessary
// information to authenticate
$oAuth2 = new CTCTOauth2($apikey, $consumersecret, $verificationURL, $_GET["code"]);

// Trade your code in for an access token by doing a POST
$token = $oAuth2->getAccessToken();

// Store information into the array to pass into the DataStore object
$sessionConsumer = array('username' => $_GET["username"], 'access_token' => $token);
$Datastore = new CTCTDataStore();
$Datastore->addUser($sessionConsumer);

if (isset($_SESSION["backto"])) {
    // If you set a return URL and have stored it into backto,
    // send the browser there and stop so the fallback link is not rendered
    header('Location: ' . $_SESSION["backto"]);
    exit;
}
?>
<!-- Link back to index.php when no return URL is set -->
<a href="index.php">You have authenticated, Go back</a>
```

## OAuth 1.0a Authentication
```php
<?php
include_once('ConstantContact.php');
$ConstantContact = new ConstantContact('oauth', "APIKEY", "USERNAME", "CONSUMERSECRET");
?>
```

An example script that implements OAuth 1.0a authentication can be found in the examples subdirectory of this PHP Wrapper Library. OAuth 1 can be implemented by using the above code, specifying "oauth" when the ConstantContact object is instantiated in the index.php file (line 9) or in your own application scripts, and replacing the example_verfication.php script in the wrapper's root directory with the one in the examples subdirectory.
By default, OAuth authentication makes use of the CTCTDataStore class found in Authentication.php. In order to make usage of this library easier to demonstrate, session variables are used in the CTCTDataStore->addUser() and CTCTDataStore->lookupUser() functions. For security reasons we STRONGLY recommend modifying these functions to utilize your own database.
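One way to follow that recommendation, as an added example that is not part of the wrapper library: a hypothetical `DbTokenStore` class that exposes the same `addUser()` and `lookupUser()` method names, backed by PDO and encrypting tokens at rest with libsodium. The `lookupUser($username)` signature, the table layout and the in-memory SQLite database are assumptions for the demo; it needs PHP 7.2+ with the pdo_sqlite and sodium extensions.

```php
<?php
// Added example, not the library's own code. DbTokenStore is a hypothetical
// stand-in for CTCTDataStore; the lookupUser($username) signature and the
// table layout are assumptions. Needs the pdo_sqlite and sodium extensions.
class DbTokenStore
{
    private $db;
    private $key;
    public function __construct(PDO $db, string $key)
    {
        $this->db = $db;
        $this->key = $key; // 32-byte secretbox key, stored outside the database
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS ctct_tokens
                   (username TEXT PRIMARY KEY, sealed TEXT NOT NULL)');
    }

    // Same role as CTCTDataStore->addUser(): persist one user's credentials.
    public function addUser(array $user): void
    {
        $username = $user['username'];
        unset($user['username']);
        // Encrypt the token fields so a database dump alone does not expose them.
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = sodium_crypto_secretbox(json_encode($user), $nonce, $this->key);
        $this->db->prepare('REPLACE INTO ctct_tokens (username, sealed) VALUES (?, ?)')
                 ->execute([$username, base64_encode($nonce . $box)]);
    }

    // Same role as CTCTDataStore->lookupUser(): null if unknown or tampered with.
    public function lookupUser(string $username): ?array
    {
        $stmt = $this->db->prepare('SELECT sealed FROM ctct_tokens WHERE username = ?');
        $stmt->execute([$username]);
        $raw = base64_decode((string) $stmt->fetchColumn(), true);
        if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
            return null;
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open(
            substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $this->key);
        return $plain === false ? null : ['username' => $username] + json_decode($plain, true);
    }
}

// Constructed demo values; a real deployment loads the key from a secret store.
$store = new DbTokenStore(new PDO('sqlite::memory:'), sodium_crypto_secretbox_keygen());
$store->addUser(['username' => 'demo-user', 'access_token' => 'constructed-token']);
var_dump($store->lookupUser('demo-user'), $store->lookupUser('nobody'));
```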
```php
<?php
include_once('ConstantContact.php');
session_start(); // Session variables must be enabled by default

// Set variables
$api_key = 'API KEY'; // API Key
$consumer_secret = 'CONSUMER SECRET'; // Consumer Secret
$callback_url = 'http://'.$_SERVER['SERVER_NAME'].(($_SERVER['SERVER_PORT'] != '80') ? ':'.$_SERVER['SERVER_PORT'] : '').$_SERVER['REQUEST_URI'];

// Instantiate CTCTOAuth class with credentials
$CTCTOAuth = new CTCTOAuth($api_key, $consumer_secret, $callback_url);

if (empty($_GET['oauth_verifier'])) {
    // Step 1: Obtain a request token for the new OAuth consumer
    $CTCTOAuth->getRequestToken();

    // Store request_token and secret for use after the authorization has been granted
    $_SESSION['request_token'] = $CTCTOAuth->request_token->key;
    $_SESSION['request_secret'] = $CTCTOAuth->request_token->secret;

    // Step 2: Send the user to Constant Contact for authorization
    header('Location: '.$CTCTOAuth->generateAuthorizeUrl());
    exit; // stop processing once the redirect has been sent
} else {
    // Step 3: Once authorized, exchange the request token for an access token
    // Create a request_token from the SESSION variables we stored in Step 1
    $requestToken = new OAuthToken($_SESSION['request_token'], $_SESSION['request_secret']);
    $CTCTOAuth->request_token = $requestToken;

    // Set the authorized username
    $CTCTOAuth->username = $_GET['username'];

    // Step 4: Request an access token using the 'oauth_verifier' returned from Constant Contact
    $CTCTOAuth->getAccessToken($_GET['oauth_verifier']);

    // Create an authorized user and add it to the CTCTDataStore
    $sessionConsumer = array(
        'key' => $CTCTOAuth->access_token->key,
        'secret' => $CTCTOAuth->access_token->secret,
        'username' => $CTCTOAuth->username
    );

    // Add new user to the datastore
    $Datastore = new CTCTDataStore();
    $Datastore->addUser($sessionConsumer);
}
?>
```

```php
<?php
include_once('ConstantContact.php');
$ConstantContact = new ConstantContact('basic', "APIKEY", "USERNAME", "PASSWORD");
?>
```