Our v3 API is now available! Learn more by visiting the v3 developer portal. Creating new v2 API keys is no longer supported.

User roles in Constant Contact

Constant Contact allows you to have multiple people working in your account, each with their own unique username and password. You can assign a role to your additional users to restrict their access in the account while keeping control over your campaigns. The number of Account Users available depends on your pricing package.

Learn more about User Roles by reading this FAQ.

User roles and API privileges

User roles are enforced in the Constant Contact API through the use of privileges. The majority of API endpoint and method combinations require one or more privileges for access. Each user role has a set of privileges that define which objects, methods and services that they can access in the UI and the API.

Endpoint privileges

You can see the privileges required for each endpoint and method combination on the Overview of API Endpoints and Methods page.

While users are given roles in account management, the API works exclusively with privileges. Roles are simply named collections of privileges that may change over time. Access control on the API is implemented on the
combination of resource identifier (URI) and HTTP method.

Error messages and error handling

If a user identified by the provided oauth token does not have the required privileges to access the requested resource the response code will be 403.

DO To improve the user experience, make sure that your app handles the privilege error and pass the message to the user. This way the user knows they don't have the required privileges, and if they believe that they ahould have access to that functionality, they know to talk to the account owner.

Get user privileges

The User Privileges endpoint returns all API privileges for the user identified by the OAuth access_token. As a developer, you should create an optimized user experience in your app for each user based on their set of privileges. This endpoint does not have any required privileges associated with it.

Optimizing the user experience

DO We strongly urge you, the integration developer, to design your app/integration so that it is optimized for each user role. For instance, if a user does not have privileges to delete a contact, the Delete button should not appear on the apps contacts screen for that user. Please see Design Considerations for User Roles for detailed design recommendations that were developed and used by the Constant Contact User Experience team.