Constant Contact Add On Not Authorizing [RESOLVED]

I have very recently begun working with constant contact, and am in the process of connecting our forms, but have pretty much hit a brick wall right out of the gate. I’ve created the application over at Constant Contact ( - setup client ID and secret, added the correct redirect uri, and pretty much followed these directions to the letter:

  • Login to the Constant Contact V3 Portal and create a “New Application”.
  • Enter “Gravity Forms” for the application name and click “Save”.
  • Copy your Constant Contact API Key and paste it into the API Key field below.
  • Click the “Generate Secret” button, go through the secret generation process and paste the resulted key in the “App Secret” field below.
  • Paste the URL (URL) into the Redirect URI field and click “Save” in the top right corner of the screen.

The only thing I have changed is trying a different application name. It seems absurd that application name would be problem, but it should be mentioned. Especially considering the instructions specifically say you should use a different app for each website.

The result, every time is: “400 - Unknown or invalid client_id”

Is anyone having the same issue? Is this a new issue?


Hi John. We recently received a couple of support tickets about this issue. It appears that Constant Contact changed their OAuth implementation, and New Applications won’t work with our add-on until we make a change there. If you have an existing application, you can connect; that will work for the time being.

I recommend opening a support ticket for the issue so that we can notify you when a fix is available: Log In ‹ Gravity Forms — WordPress

Thank you.

I’m receiving this same error - please get this fixed soon :slight_smile:

Hi Chris,
Thanks for your response. I’ve opened another ticket on the issue. In the meantime, since this basically bricks our webforms, I’m considering as a workaround authorizing using some other means, and saving the access and refresh tokens in the DB directly. Do you know what the expected array structure is for the “gravityformsaddon_gravityformsconstantcontact_settings” option?
I’m assuming I would need the access token and refresh token, but not sure what else would be needed. In other words, what would it look like after a successful authorization?


For anyone who needs a fix in the meantime, I believe I have a working solution, according to the Constant Contact API docs here: OAuth2 Authorization Code Flow | Constant Contact Developer Portal

  1. The ‘offline_access’ scope was supposed to be automatically appended, and is required for returning refresh tokens. Apparently this was changed and this scope was no longer being added.

  2. It seems that Constant Contact doesn’t want client ID and Secret in the Authorization header, but in the POST body, as application/x-www-form-urlencoded.

  3. The URLs in the add-on don’t match the URLs on Constant Contact, and I’m not sure which is more recent. That may be altogether irrelevant, since they seem to just redirect, but I updated the URLs for both authorization requests and authorization codes.

In all, I’ve made the following changes to class-gf-constant-contact.php and authorizing new apps seems to be working:

In the get_auth_url() method:
Line 828:

$auth_url = '';

Line 834:

'scope'  => 'contact_data offline_access',

In the get_tokens() method:
Line 1330:

$auth_url = '';

After Line 1342

'client_id' => $this->get_app_key(),
'client_secret' => $this->get_app_secret()

Remove This Line 1347 where the params are added to the url:

$auth_url = add_query_arg( $auth_params, $auth_url );

Change Line 1361 from:

'Authorization' => 'Basic ' . base64_encode( $this->get_app_key() . ':' . $this->get_app_secret() ),


'Content-Type' => 'application/x-www-form-urlencoded'

Lastly, after headers on Line 1364 add body:

'body' => $auth_params,

Hope this saves someone some time.


Thanks for this solution. Definitely saved me some time. For some reason the connection is not persisting though. After a while the add-on disconnects and we need to log back into to Constant Contact in the settings. Are you experiencing this?

Yes, after coming back to it today I discovered that the token refresh failed. The client ID and client secret lines also need to be added to the parameters for the refresh request. I forget the exact line numbers but it’s between lines 1330 and 1342.

1 Like

Thank you!

For anyone having an issue connecting the Constant Contact Add-On, please open a support ticket. We have a build that will resolve the issue for you. Thank you.

1 Like