API token?

Not applicable

API token?

Hello once again, fair community!

A developer on my team is interested in creating a server-side form with fully customized HTML and CSS so they don't have to use form data, and was under the impression this could somehow be done with a token for the Marketo API. I will copy his thoughts below:

"Basically what we are looking to do is write are our own form code rather than use an iframe so we have full control of the HTML and CSS.

The this usually works is that the form end-point (Marketo) provides:

-A form "action" URL that we "post" data to

-A API token that we send with the data showing we are authorized to send the data

-Field name values for each form input. This is how Marketo knows to put what data where.

The Marketo Developer Blog article “Server-Side Form Post” (http://developers.marketo.com/blog/server-side-form-post/) from 2014 suggests that something like this was possible. It surprising me that they considered it an “unsupported API” back in 2014. I’m hoping this is still possible, or even better, is now a supported API / feature.

A potential alternative for solution would be to build the entire single-page site inside of Marketo as a landing page. My understanding is we haven’t done this yet but that it is possible. The challenge would then be how we handle the site as it grows beyond a single-page later in the year."

Now, my understanding is that it would probably be simpler to go with the landing page option, but I wanted to get feedback from the community first before I accidentally point him in the wrong direction! Thanks for all your help in advance.



Level 10 - Community Moderator

Re: API token?

You neither want nor need an API key for custom form posts.  The proper practice is to Make a Marketo Form Submission in the background.

No serious business should use the Marketo API to respond to individual browser activities, nor should you make a server-side form post.  This can come as a surprise to developers who think "API" always means "enterprise."  It does not mean that in every context, and using anything but the preferred method here invites an Denial of Service attack against your site by a (very) junior hacker.

I respond just about every time this topic comes up on the Community, so you can search my old posts if you need more info.

As far as using the LP as an elaborate single-page site, as long as you accept that you do not have a server-side language (except for cross-domain calls you make to non-Marketo server/s), go for it.