phpfui / ConstantContact

MIT License

Using API without authorization process #17

Open gavin310 opened 9 months ago

gavin310 commented 9 months ago

I'm trying to use the API for a simple email signup form on a website. I need to get the access and refresh tokens, but in this use case there are no user redirect URLs or anything like that. What is the process for adding a contact without redirecting?

phpfui commented 9 months ago

What API endpoint are you using? I suspect you will need to authorize separately from your user interface. Once you authorize, save the access tokens off in your database. Use a nightly cron job to refresh them. Then have your front end capture the email address and on the back end, take the tokens out of the database (they will be current), and use the API endpoint you want, passing the data from the front end.

Hope that makes sense.

gavin310 commented 9 months ago

Thanks for the quick response! I think the main issue here is I'm a noob with oauth2. I'm going to be using the /contacts/sign_up_form endpoint (\PHPFUI\ConstantContact\V3\Contacts\SignUpForm()) and I think what I have so far will work once I get the correct tokens. The part I'm not sure how to do is how to authorize separately from the UI. The first part of my code just has:

    $client = new \PHPFUI\ConstantContact\Client( CC_APP_KEY, CC_APP_SECRET, 'https://localhost' );
    $client->acquireAccessToken(); // Not sure what to pass here

In your README it is sending $_GET to the acquireAccessToken function. The source expects this array to have the keys state and code which would come from the UI, so I'm definitely not understanding the process for manual authorization at all. Constant Contact has a tool for generating access and refresh tokens in V2 which doesn't seem to work with V3 app keys.

phpfui commented 9 months ago

First, you can't use localhost with Constant Contact, as OAuth2 needs to call back to your website and it can't do that with localhost. You will need to test on a publicly available server. QA servers are good for this.

I wrote some code to put a user interface around the authorization. You can find it here: https://github.com/phpfui/BicycleClubWebsite2023/blob/master/App/View/System/ConstantContact.php

I don't use blades or other hand coded html include files, so this is a bit different code than you are used to. This is also frontend and backend code at the same time, depending on how it is called (POST or GET and parameters). But basically you need to allow your user to authorize the permissions you are asking for. Note on line 67, you redirect to the CC server. They ask the user if it is OK if your website can access their CC data. Then you get redirected back to this page and you need to save the tokens (line 45). Once you have the token saved off, you can just use it. The readme.md has the basic outline of this, but this example provides a nicer user interface.

Also, don't worry about OAuth2. I do all the hard work for you, you just need to use my client class in the proper order.

Try to understand the example. Basically it can return an empty $form if it just needs to do some back end stuff, but will return a fully formed page (with form) if you get to line 174. Early returns are at lines 39, 63 and 69 depending on the parameters passed. No parameters, then it returns the user interface. A bit different from the 1950's include technology most PHP developers use. I don't write HTML by hand.

gavin310 commented 9 months ago

Thank you! This is really helpful!

phpfui commented 9 months ago

Glad you find the library helpful. I had the same issues as you, OAuth2 (WTF) and just dealing with JSON and APIs is a PITA. This package shields you from all that. Also check out my blog: https://blog.phpfui.com I do things a bit differently from every other PHP dev I have ever seen due to coming from C++ and not JavaScript (barf!).

gavin310 commented 9 months ago

Using your code I was able to make a super basic script to simply get my initial access and refresh tokens. From what I understand, since I have these, now I can automatically refresh my access token periodically (daily?) and I shouldn't need to do this again. I'll be saving the tokens to the database, but I just needed these first ones to get things rolling. Hopefully I'm understanding this process correctly... I love your blog btw! I'll be going through that later and reading your articles.

Here's what I made in case I did something dumb or if it can help anyone else:

// In Constant Contact set app's Redirect URI to https://www.yoursite.com/?ccauth=true

define( 'CC_APP_KEY', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' );
define( 'CC_APP_SECRET', 'xxxxxxxxxxxxxxxxx' );

// One-time bootstrap: visiting https://www.yoursite.com/?ccauth=true starts the OAuth2
// authorization; Constant Contact then redirects back here with ?code=...&state=...
if ( isset( $_GET['ccauth'] ) && $_GET['ccauth'] === 'true' ) {
    session_start(); // the session is needed for the OAuth2 state check on the way back
    $client = new \PHPFUI\ConstantContact\Client( CC_APP_KEY, CC_APP_SECRET, 'https://www.yoursite.com/?ccauth=true' );
    if ( isset( $_GET['code'] ) && isset( $_GET['state'] ) ) {
        // Second visit: exchange the authorization code for the access and refresh tokens
        $client->acquireAccessToken( $_GET );
        // Logging is only for this first bootstrap; persist the tokens to your database instead
        error_log( 'Access Token: ' . $client->accessToken );
        error_log( 'Refresh Token: ' . $client->refreshToken );
    }
    else {
        // First visit: send the user to Constant Contact to grant access
        header( 'Location: ' . $client->getAuthorizationURL() );
    }
    exit;
}

phpfui commented 9 months ago

Yes, this is the basics of what you need to do. Remember to periodically refresh the tokens.

I would also store the keys in a local file and not check them into version control, as that can be a security issue if your version control system gets publicly exposed.

I will keep this issue open as others have had the same questions.
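The "save the tokens, refresh them from a nightly cron, keep the keys out of version control" pattern described in the replies above, as an added example that is not code from this thread or from the phpfui/ConstantContact package. The file paths are hypothetical, and the `$client->refreshToken()` call is assumed to be the library's refresh method; only the `accessToken` / `refreshToken` properties are taken from the thread.

```php
<?php
// Nightly cron script (assumed layout, not the package's own code):
// secrets and tokens live in files outside the web root and outside git.
declare(strict_types=1);

const CC_SECRETS_FILE = '/etc/myapp/constantcontact.json';        // hypothetical path: appKey, appSecret, redirectURI
const CC_TOKEN_FILE   = '/var/lib/myapp/constantcontact-tokens.json'; // hypothetical path: accessToken, refreshToken

function loadJsonFile(string $path) : array
{
    $raw = file_get_contents($path);
    if ($raw === false) {
        throw new \RuntimeException("cannot read {$path}");
    }

    return json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
}

function saveTokens(string $path, string $accessToken, string $refreshToken) : void
{
    // Write to a temp file and rename so a crash never leaves a half-written token file
    $tmp = $path . '.tmp';
    $payload = json_encode(
        ['accessToken' => $accessToken, 'refreshToken' => $refreshToken, 'updatedAt' => time()],
        JSON_THROW_ON_ERROR
    );
    file_put_contents($tmp, $payload, LOCK_EX);
    chmod($tmp, 0600); // only the service account that runs the cron job can read the tokens
    rename($tmp, $path);
}

$secrets = loadJsonFile(CC_SECRETS_FILE);
$tokens = loadJsonFile(CC_TOKEN_FILE);

// Rebuild the client from stored state; no user interaction or redirect is involved here
$client = new \PHPFUI\ConstantContact\Client($secrets['appKey'], $secrets['appSecret'], $secrets['redirectURI']);
$client->accessToken = $tokens['accessToken'];
$client->refreshToken = $tokens['refreshToken'];

// Assumed library call: exchange the refresh token for a new access/refresh pair
if (! $client->refreshToken()) {
    // A refresh token that has been revoked or expired cannot be recovered here;
    // log it so someone re-runs the one-time authorization script from this thread
    error_log('Constant Contact token refresh failed; re-authorize via the ?ccauth=true bootstrap');
    exit(1);
}

saveTokens(CC_TOKEN_FILE, $client->accessToken, $client->refreshToken);
```

The signup form's back end then reads the same token file, assigns `accessToken` on a fresh client, and calls the SignUpForm endpoint without ever touching the OAuth2 redirect flow.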