API connection to Marketo from a WebGL site throwing CORS errors

Highlighted

API connection to Marketo from a WebGL site throwing CORS errors

Has anyone got any experience of trying to do an API or Forms 2.0 connection to a WebGL website. The App we have is available in 3 formats that we have created an API to connect to Marketi, iOS, Android & a WebGL website. It works for iOS and Android, The data is not arriving in Marketo from the website. We have tested a registration using the WebGL and the browser console displayed an error saying that the API couldn't be contacted because of CORS restrictions. No record appeared in Marketo. This leaves us in a position of having to build a completely new API just for the website, which we want to avoid as this has to be otsourced and so is costly. We understand that if we can whitelist their domain in the CORS settings in Marketo, it will work, but we looked on the internet and found that Marketo doesn't allow this as it is a security risk. My question is, is the whitelisting definitely not possible, and if so, is there a way around the issue using the existing API?

3 REPLIES 3
Highlighted
Level 10 - Community Moderator

Re: API connection to Marketo from a WebGL site throwing CORS errors

You must never even contemplate using the REST API directly from the browser! You will be exposing your credentials to the world. It's a colossal security risk.

Not should you use the REST API in response to individual end user activities, even via an intermediate server. While in this case there may not be a data exfiltration risk, it's a reliability tragedy that isn't fit for a professional environment.

You need to describe your functional specs in full, but from the terminology you've used ("appeared in Marketo") it sounds like you should be using the Forms JS API, which is designed to scale for client-side use.

Highlighted

Re: API connection to Marketo from a WebGL site throwing CORS errors

Yes sorry when I said API or FOrms 2.0, I meant them as the same, ie a form that uses the API. We have done this multiple times before on multiple websites, but seems because this website is WebGL as we can't "get at" the data to populate it. I wondered if anyone else had this experience with a WebGL site?

Highlighted
Level 10 - Community Moderator

Re: API connection to Marketo from a WebGL site throwing CORS errors

OK, well that's much better!

I think you'll need to provide your URL for more research. The canvas itself has strict cross-origin rules. But in fact Forms 2.0 doesn't do a true CORS POST (it uses a more backward-compatible message + IFRAME method).