Is there a way to restrict a Marketo Trigger Campaign so only a specific API user can request it?

Abhi1405

Hi everyone,

I’m working with multiple API-only users in Marketo and I want to control which API user can activate certain trigger campaigns.

Specifically, I'm trying to achieve two things:

Restrict a trigger campaign so only one specific API user can request/activate it, and prevent other API users from doing so.
Add some kind of filter or condition inside the trigger campaign so that even if multiple API users can technically make the API request, only the request coming from the intended API user will allow the record to flow through the campaign.

Is there any native way or filter in Marketo that lets us detect which API user triggered the campaign? If not, what’s the recommended workaround?

Thanks!

SanfordWhiteman

There's no native functionality like this. I would use an API Gateway for more security, i.e. the API users must connect via an intermediate server that does JSON Schema validation/additional authorization.

One hack that can kind of accomplish this is requiring a {{my.token}} be passed with a specific value (you can pass {{my.tokens}} with the Request Campaign API). Then you can (a) check for that value in a Velocity token and forcibly soft bounce the email if it's not present, and/or (b) pass that {{my.token}} to a webhook which checks if it has the right value and only lets the flow proceed if it matches.

SanfordWhiteman

And there’s another option, which is to not use the Request Campaign API at all. Switch to the Push Lead API and you can filter the trigger on Reason; make the user pass a special, unique reason code.