I have a requirement where the client is asking to encrypt/hash users' email addresses in the unsubscribe link in any marketo email. Can we do this in Marketo, and if yes, then can anyone share their knowledge on how to implement this in Marketo? Would be a great help
Yes, it is possible in a Velocity token. But I'd like to hear the full use case. This is a non-Marketo page unsubscribe page, I presume? What is the specific reason they can only compare hashes?
So the use case is that the unsubscribe page is non-marketo and when a user clicks on the unsubscribe link in the marketo email, the user's email address is passed along the mkto token, and the requirement is to encrypt that email address which will be further processed in the unsubscribe page as per the need (which I'm not fully aware of-meaning I don't know what operations they will have on that encrypted address). We only have the ask to encrypt the email address in that unsubscribe link.
So they understand that SHA-256 is not reversible? They already have a database with all the email address and their precomputed hashes? Or are they going to hash every email address in their db on-the-fly while searching (terrible idea)?
Please check this with them because I don't want to send you down a road that will end up being unusable.
Just sharing... I've done a similar project in the past where instead each user in the external app had a unique ID, which was created upon registration and sent to Marketo via API. Marketo emails would append the unique id to the unsubscribe link (a non-marketo page) and allowed the user to edit their email preferences. An API call would send their updated preferences back to Marketo.
Thank you for the reply Sanford, and I apologize for responding so late (was absent from work), but here's the update from the original requester. They want to do something called advanced encryption standard, they want to have a symmetric encryption implemented between Marketo and their system (where their unsub page is). They want to perform encryption at Marketo side and using a shared key they would decrypt the email address. They also mentioned that Hashing will not work as their system needs to know the cleartext email to unsubscribe the user.
Now I'm not completely aware of this technique and I'm not sure if this is possible in Marketo, that to maintain a shared key in Marketo for this symmetric encryption. So I hope that you're aware of this as well and could shed some light on this type of integration in Marketo
Yes, you can use AES from Velocity for reversible encryption (of course that's why I mentioned they probably didn't want SHA-256 because it isn't reversible... I can read into these things from experience!).
However, you should professionally engage a Marketo-fluent Velocity developer from this point. It's too complex and sensitive a project for unsupported code.
Thank you for your reply Sanford, really appreciate your help here. Just one quick question. Is the velocity script that you've written here : SHA-256-ing an email address in Velocity is only for SHA-265 hashing or can we use/modify it for AES encryption?
It supports all of the MessageDigest hash algorithms by substituting the corresponding name: MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512.
It doesn't do encryption or decryption. That requires a different set of of classes and functions.