SOLVED

Re: Marketo Custom Form functionality

Go to solution
Aviral_Singh2
Level 2

Marketo Custom Form functionality

Hi Everybody,
We have been using programmatic form POSTs to the leadCapture/save and leadCapture/save2 endpoints method in our custom form (where front end fields are different from original Marketo form fields in the form) on our website. As this method is being deprecated we are moving our forms to Forms 2.0 API method, therefore we have encountered a situation where we have to create a new Marketo form against each custom form where a different field has been used. Is there a scalable method through which we can use a single Marketo form in multiple places on our website with different fields?

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Marketo Custom Form functionality

You don't need separate forms! You can reuse the same form, just add the fields using the addHiddenFields.

View solution in original post

3 REPLIES 3
SanfordWhiteman
Level 10 - Community Moderator

Re: Marketo Custom Form functionality

You don't need separate forms! You can reuse the same form, just add the fields using the addHiddenFields.

Aviral_Singh2
Level 2

Re: Marketo Custom Form functionality

@SanfordWhiteman There is also a Submit form API released in January that can replicate the behavior of Marketo forms. We are also testing this API and it perfectly replicates the behavior the only issue is DOS Vulnerability. 

Our framework is built on JS while testing we made an AJAX call to push data into Marketo where we expose our endpoint and token. This token is active for around 1 hour and can be used to exhaust all our API calls by any Spammer. Is there a way we can avoid this situation in this API?

SanfordWhiteman
Level 10 - Community Moderator

Re: Marketo Custom Form functionality


We are also testing this API and it perfectly replicates the behavior the only issue is DOS Vulnerability. 

Our framework is built on JS while testing we made an AJAX call to push data into Marketo where we expose our endpoint and token. This token is active for around 1 hour and can be used to exhaust all our API calls by any Spammer. Is there a way we can avoid this situation in this API?


I assume you mean the endpoint and token for your custom backend service.

 

If you pass through all the requests from your service's API to the Marketo API, then yes, you still have the same DOS vulnerability — it's like you're creating a custom DOSable facade.

 

There's no way to combat this unless you enforce a very strict — too strict for real life, unfortunately — posts-per-IP-per-minute limit within your custom service.