SOLVED

Using Marketo Tokens on External Landing Pages

Go to solution
Highlighted
Anonymous
Not applicable

Using Marketo Tokens on External Landing Pages

Hi,

Is it possible to use Marketo tokens on external landing pages and populate the information via the API? If it is possible, are their any concerns that I should be aware of for approaching it this way instead of just using a Marketo landing page?

Thanks,

Courtney

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 10 - Community Moderator

Re: Using Marketo Tokens on External Landing Pages

If you're sending someone a link to the landing page, you can simply encode that data (name, sales rep name, sales rep phone) in the URL. Using Velocity, you can Base64-encode it, which is easily decodable in the browser but will look like gibberish to humans ("WyJDb3VydG5leSBUb2JlIiwiUmVwIFJlcHBlcnNvbiIsIjIxMi01NTUtMTIxMiJd" encodes "Courtney Tobe","Rep Repperson","212-555-1212"). Or you can actually encrypt the data and then have your web server (PHP if WordPress, etc.) decrypt it and output it in the page. 

View solution in original post

10 REPLIES 10
Highlighted
Level 10 - Community Moderator

Re: Using Marketo Tokens on External Landing Pages

No, it is not possible (or more accurately, it is not possible for a site to pass rudimentary checks for risk, security, or simply professionalism if you use the API in this way).

Highlighted
Anonymous
Not applicable

Re: Using Marketo Tokens on External Landing Pages

So just to be clear, you're saying it's a security issue and that's why it's not possible? That the API could probably do it, but we shouldn't because of the security risks involved? Just want to make sure I understand so I know how to communicate back to my developer. Thanks!

Highlighted
Level 10 - Community Moderator

Re: Using Marketo Tokens on External Landing Pages

I'm saying the API is not designed for this use case. It must not be called in response to individual public pageviews; even if the calls are proxied via an intermediate server to shield your API credentials from direct exposure, you're still making your API world-usable. A malicious user can shut down access to this integration and all your other integrations if exposed like this. And, of course, they can easily read data from your Marketo database.

if your developer is even lightly security-aware the risks should already be clear, otherwise they shouldn't be entrusted with API creds IMO!

It's possible to use other, safer methods to embed field values in non-Marketo LPs (not necessarily "tokens" per se but their values). What are you actually trying to do?

Highlighted
Anonymous
Not applicable

Re: Using Marketo Tokens on External Landing Pages

We are trying to add elements of personalization to a landing page for a campaign. So say we send you, Sanford, an email with a link to the landing page. When you get to the landing page, we would like for it to say "your name" "your personal sales rep" and "your sales reps phone number" "your sales rep email address." We would like to use tokens so that this information is pulled dynamically onto the page. I know that this is possible via Marketo landing pages, but my developers would prefer to design and develop the page externally because of some of the restrictions with Marketo landing pages. If hosting the pages within Marketo is the best way to go for security purposes to achieve this objective, however, than that's what I will tell them to do.

Highlighted
Level 10 - Community Moderator

Re: Using Marketo Tokens on External Landing Pages

If you're sending someone a link to the landing page, you can simply encode that data (name, sales rep name, sales rep phone) in the URL. Using Velocity, you can Base64-encode it, which is easily decodable in the browser but will look like gibberish to humans ("WyJDb3VydG5leSBUb2JlIiwiUmVwIFJlcHBlcnNvbiIsIjIxMi01NTUtMTIxMiJd" encodes "Courtney Tobe","Rep Repperson","212-555-1212"). Or you can actually encrypt the data and then have your web server (PHP if WordPress, etc.) decrypt it and output it in the page. 

View solution in original post

Highlighted
Anonymous
Not applicable

Re: Using Marketo Tokens on External Landing Pages

Great, thank you so much, Sanford! This is just what I was looking for. Thanks again!

Highlighted
Level 1

Re: Using Marketo Tokens on External Landing Pages

I've searched high and low and was unable to find how to base64-encode a string in marketo. Could you please point me to where I could find the information?

Highlighted
Level 10 - Community Moderator

Re: Using Marketo Tokens on External Landing Pages

#**

    EncodingTool in VTL v1.0.5

    @copyright (c) 2017, 2018 Sanford Whiteman, FigureOne, Inc.

    @license MIT License

*#

#set( $str = "" )

#set( $java = {

  "lang" : {

     "String" : $context.getClass().forName("java.lang.String"),

     "ByteArray" : $str.getBytes().getClass()

  }

} )

#set( $EncodingTool = {} )

#set( $EncodingTool.Base64 = {

    "encoder" : $context.getClass().forName("sun.misc.BASE64Encoder").newInstance(),

    "decoder" : $context.getClass().forName("sun.misc.BASE64Decoder").newInstance(),

    "ENCODED_CHAR_62" : {

      "STANDARD" : "\+",

      "URLSAFE" : "-"

    },

    "ENCODED_CHAR_63" : {

      "STANDARD" : "/",

      "URLSAFE" : "_"

    }

}) 

#set( $EncodingTool.String = {

    "fromByteArray" : $java.lang.String.getConstructor(

        $java.lang.ByteArray,

        $java.lang.String

    )

})

#set( $Base64Encoded = $EncodingTool.Base64.encoder.encodeBuffer($lead.Website.getBytes("utf8")) )

${Base64Encoded}

Highlighted
Level 5

Re: Using Marketo Tokens on External Landing Pages

Recently used this in a campaign!

Just added an escape to make the value URL friendly. 

#set( $Base64Encoded = $esc.url($Base64Encoded) )

Works great, big thanks!