Munchkin Code on Third Party Site

Highlighted
Level 10 - Community Moderator

Re: Munchkin Code on Third Party Site

"Visit web page" activities are logged by the munchkin code, not by the URL click tracking (which would lead to a "click link" activity).

Click Link in Web Page is logged by Munchkin.

Click Link in Email is not logged by Munchkin.

FTR....

Highlighted
Level 10 - Community Moderator

Re: Munchkin Code on Third Party Site

Visited Web Page {URL}services.html on DomainB.com

another way to put it

Visited Web Page DomainB.com/services/

The link click from DomainA to DomainB can/should already be logged as a Clicked Link on Web Page activity, with the target of the link (DomainB) included in the log.

While you could fake a Visited Web Page activity using the Munchkin API, you don't want a VWP here because it will appear as if the page is under DomainA.

Highlighted
Anonymous
Not applicable

Re: Munchkin Code on Third Party Site

Thanks for the insight!

Highlighted
Level 2

Re: Munchkin Code on Third Party Site

Hey Sanford,

Was wondering if this method works reasonably with CVent? I'm stuck using them for a project and I know they're very restrictive with what javascript you are able to inject or edit on their page. 

While I have munchkin loading on the page it's a moot point since it won't get logged back to Marketo.

Is something like this feasible http://developers.marketo.com/blog/make-a-marketo-form-submission-in-the-background/

for such a use-case?

Thanks

Highlighted
Level 10 - Community Moderator

Re: Munchkin Code on Third Party Site

If you can get an identifying piece of info from site to site I would sooner use the mkt_tok. But yes, if you send the email from site to site you can do a hidden form post with it.

Highlighted
Level 2

Re: Munchkin Code on Third Party Site

Hi, Gregoire!

If someone is authenticated, could you not use the Associate Lead API call to connect the cookie to Marketo?

POST /rest/v1/leads/{leadId}/associate.json

http://developers.marketo.com/rest-api/endpoint-reference/lead-database-endpoint-reference/#!/Leads/...

Of course, you would need to have the LeadID.

Merci!

Highlighted
Level 10 - Community Moderator

Re: Munchkin Code on Third Party Site

You cannot call the REST API from the browser, period.

The Munchkin API associateLead can be used from the browser, but only if you already have a token securely generated. See these posts for more info.

Highlighted

Re: Munchkin Code on Third Party Site

Posting a form in the background is a much better option, IMHO.

To elaborate a bit on Sanford's point, calling a REST API from a browser, drives some DOS attack risks.

-Greg

Highlighted
Level 10 - Community Moderator

Re: Munchkin Code on Third Party Site

It's worse than DoS, it's a complete compromise of your instance. You can never connect directly from the browser because you're exposing credentials (that must be secret) that allow anyone to alter any fields on any lead in your instance.

If you gateway the connection through an intermediate server, then you can mitigate the worst risk by ensuring that only the associateLead method is called and only with particular fields. But that's when you have an open DoS vulnerability.