@SanfordWhiteman thanks 🙂
Can you please help us with a few issues, as follows:
1) We have created a landing page on Marketo and added embed code for forms. Before submitting the forms we want to add third-party tracking code. For example, we have a CTA named "Download" on the forms; on click or on form submission we want to execute that code. How can we achieve it?
2) On website forms, we have added background form submission code to submit data to Marketo. When someone fills in the forms we are also tracking UTM parameters, and at the same time we want to send a notification to the internal team with the form fill data and the tracked UTM parameters. The user's data and UTM parameters get captured properly within Marketo, but when we set up a smart campaign to send a notification to the internal team (we created an email template with tokens for the form fields to send dynamic data), it pulls the previous data and sends that in the notification.
For example, user X comes with UTM parameters like utm_source=XYZ, utm_campaign=123, utm_medium=ABC; these are stored within Marketo and sent in the notification email. But if the next time the UTM parameter values change or the UTM parameters are blank, this is not reflected in the email notification: it pulls the old UTM values from Marketo and sends them in the notification email, which is wrong. Can you please suggest how we can achieve this, so we get the updated values of the UTM parameters? They might contain different values or may be blank, and the same should be updated in Marketo as well as in the notification email.
Waiting for your reply.
The Munchkin ID and Form ID are available on every Marketo LP; by using those values anyone can create spam leads in any Marketo instance using the above method. Is there any way to stop that? /save or /save2 should not work directly and should not create any lead?
That's the way the Marketo forms endpoint works, Arpit. (And the way any forms endpoint that doesn't specifically require a CSRF token works, not that it's difficult to simulate a CSRF token.)
As Sanford mentioned, there is no CSRF (Cross-site request forgery) requirement for the Marketo forms.
For your information, a CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. When the later request is made, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid.
CSRF tokens can prevent CSRF attacks by making it impossible for an attacker to construct a fully valid HTTP request suitable for feeding to a victim user. Since the attacker cannot determine or predict the value of a user's CSRF token, they cannot construct a request with all the parameters that are necessary for the application to honor the request.
Yes, and more to the point: for demand gen forms CSRF tokens make no sense, because there's no boundary between the authorized session and an unauthorized session on another domain.
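The token check described in the replies above, as an added example that is not part of the original thread and is not Marketo's code: a session-bound CSRF token rejects a forged request against someone else's session, yet accepts any client that simply starts its own anonymous session, which is the point made about demand gen forms. All names here (`SERVER_KEY`, `issue_token`, `validate`, `new_session`) are hypothetical and the sessions are constructed sample data.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key for this example


def issue_token(session_id: str) -> str:
    """Return a CSRF token bound to one session (HMAC-SHA256 of the session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def validate(session_id: str, token: str) -> bool:
    """Accept a request only if its token matches the session it arrived with."""
    if not session_id or not token:
        return False
    return hmac.compare_digest(issue_token(session_id), token)


def new_session() -> tuple[str, str]:
    """What a form page does for each visitor: create a session and embed its token."""
    session_id = secrets.token_hex(16)
    return session_id, issue_token(session_id)


def demo() -> dict:
    """Run the check against constructed sessions and return each outcome."""
    # Case 1: a session whose token a third-party site cannot read.
    victim_sid, victim_token = new_session()
    results = {
        "legitimate_submit": validate(victim_sid, victim_token),
        "forged_missing_token": validate(victim_sid, ""),
        "forged_guessed_token": validate(victim_sid, secrets.token_hex(32)),
    }
    # Case 2: a public form. Any client that loads the page gets its own
    # session and token, so there is no authorized session to protect.
    any_sid, any_token = new_session()
    results["fresh_anonymous_session"] = validate(any_sid, any_token)
    # Tokens do not transfer between sessions.
    results["token_from_other_session"] = validate(victim_sid, any_token)
    return results


if __name__ == "__main__":
    print(demo())
```
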