Following up from IP Spoofing .
Here is the scenario:
1. We have a Marketo landing page with a Marketo form.
2. API calls are made to an external server to pre fill the form using an api key.
3. After user interaction and updates, the Marketo form is submitted.
4. API calls are made to the same external server to then update the user info.