Re: Munchkin Code on Third Party Site

SanfordWhiteman · ‎04-04-2016

"Visit web page" activities are logged by the munchkin code, not by the URL click tracking (which would lead to a "click link" activity).

Click Link in Web Page is logged by Munchkin.

Click Link in Email is not logged by Munchkin.

FTR....

SanfordWhiteman · ‎04-04-2016

Visited Web Page {URL}services.html on DomainB.com
another way to put it
Visited Web Page DomainB.com/services/

The link click from DomainA to DomainB can/should already be logged as a Clicked Link on Web Page activity, with the target of the link (DomainB) included in the log.

While you could fake a Visited Web Page activity using the Munchkin API, you don't want a VWP here because it will appear as if the page is under DomainA.

Anonymous · ‎04-05-2016

Thanks for the insight!

Nav_Singh1 · ‎09-06-2017

Hey Sanford,

Was wondering if this method works reasonably with CVent? I'm stuck using them for a project and I know they're very restrictive with what javascript you are able to inject or edit on their page.

While I have munchkin loading on the page it's a moot point since it won't get logged back to Marketo.

Is something like this feasible http://developers.marketo.com/blog/make-a-marketo-form-submission-in-the-background/

for such a use-case?

Thanks

SanfordWhiteman · ‎09-06-2017

If you can get an identifying piece of info from site to site I would sooner use the mkt_tok. But yes, if you send the email from site to site you can do a hidden form post with it.

Rob_Alfieri · ‎03-08-2018

Hi, Gregoire!

If someone is authenticated, could you not use the Associate Lead API call to connect the cookie to Marketo?

POST /rest/v1/leads/{leadId}/associate.json

http://developers.marketo.com/rest-api/endpoint-reference/lead-database-endpoint-reference/#!/Leads/...

Of course, you would need to have the LeadID.

Merci!

Rob Alfieri | Principal Solutions Architect | Adobe | Marketo Engage

SanfordWhiteman · ‎03-08-2018

You cannot call the REST API from the browser, period.

The Munchkin API associateLead can be used from the browser, but only if you already have a token securely generated. See these posts for more info.

Grégoire_Miche2 · ‎03-08-2018

Posting a form in the background is a much better option, IMHO.

To elaborate a bit on Sanford's point, calling a REST API from a browser, drives some DOS attack risks.

-Greg

SanfordWhiteman · ‎03-08-2018

It's worse than DoS, it's a complete compromise of your instance. You can never connect directly from the browser because you're exposing credentials (that must be secret) that allow anyone to alter any fields on any lead in your instance.

If you gateway the connection through an intermediate server, then you can mitigate the worst risk by ensuring that only the associateLead method is called and only with particular fields. But that's when you have an open DoS vulnerability.