Munchkin Code on Third Party Site

Hi, Gregoire!

If someone is authenticated, could you not use the Associate Lead API call to connect the cookie to Marketo?

POST /rest/v1/leads/{leadId}/associate.json

http://developers.marketo.com/rest-api/endpoint-reference/lead-database-endpoint-reference/#!/Leads/...

Of course, you would need to have the LeadID.

Merci!

You cannot call the REST API from the browser, period.

The Munchkin API associateLead can be used from the browser, but only if you already have a token securely generated. See these posts for more info.

Posting a form in the background is a much better option, IMHO.

To elaborate a bit on Sanford's point, calling a REST API from a browser, drives some DOS attack risks.

-Greg

It's worse than DoS, it's a complete compromise of your instance. You can never connect directly from the browser because you're exposing credentials (that must be secret) that allow anyone to alter any fields on any lead in your instance.

If you gateway the connection through an intermediate server, then you can mitigate the worst risk by ensuring that only the associateLead method is called and only with particular fields. But that's when you have an open DoS vulnerability.

Greg, what if they already know WHO these leads are?  For example, they want to track activity after a user clicks on a CTA link within an email.  No form required here since user is already known.

Hi Dan,

Yes you are right, which is why I wrote:

Unless the site in question can recognize the lead

There are other ways, such as if the 3rd part site is a portal and the lead is authenticated.

-Greg

Hi James,

If the 2 sites are on the same domain, provided that the Marketo Munchkin code is set at the right (common) domain level, as written by Sanford, the lead will be tracked on both sites, without any need to do anything else.

If the 2 sites are on different domains, you need to pass a lead identification information in the transfer URL (http://www.a.com/page.html?email=lead.email@domain.com//www.a.com/page.html?email=lead.email@domain.com) and capture it when the lead arrives on the page on site A and post that info in the hidden form.

-Greg

Hi James,

- The user will have had to fill out a form on www.DomainA.com so that their email address is stored in a cookie.

This is not correct: the email will NOT be stored in a cookie (at least not without some custom development) and if it was, that cookie could not be read in DomainB.com. You will have to make sure that, on the link to domainB in domainA, the email is included in the URL.

- The script will be included on a web page on www.DomainB.com but run from DomainA.com, so that the script on a DomainB.com Web Page can get to DomainA.com cookies, to get the email address

This does not make sense (sorry for being so blunt): the script runs on the client side and is dependent on the domain you are reading. so the script will run on domainB, so it can only read cookies created in domainB. Hence again the need to transfer the lead identification (email) through the URL and not through a cookie.

- The script submits a hidden form when the page on DomainB.com loads

Yes, but the hidden form submission reads the URL parameter through a hidden field (as explained by Sanford above).

-Greg

Can I have the script on www.DomainA.com send the information about what page was visited on www.DomainB.com? I think that could work because the URL of the page being visited is not in the cookies.

You mean send to DomainB the URL of the page that was visited on DomainA before they switched sites?

This information is already passed as the document.referrer.  (Except for the specific case where DomainA is on https:// and DomainB is on http://.  In this case, the referrer will not be automatically passed, so you can manually append the current page to the destination URL: http://www.exampleB.com/?prev=https://www.exampleA.com/sourcepage.html.)

Hey Sanford,

Was wondering if this method works reasonably with CVent? I'm stuck using them for a project and I know they're very restrictive with what javascript you are able to inject or edit on their page. 

While I have munchkin loading on the page it's a moot point since it won't get logged back to Marketo.

Is something like this feasible http://developers.marketo.com/blog/make-a-marketo-form-submission-in-the-background/

for such a use-case?

Thanks

If you can get an identifying piece of info from site to site I would sooner use the mkt_tok. But yes, if you send the email from site to site you can do a hidden form post with it.

Visited Web Page {URL}services.html on DomainB.com another way to put it Visited Web Page DomainB.com/services/

The link click from DomainA to DomainB can/should already be logged as a Clicked Link on Web Page activity, with the target of the link (DomainB) included in the log.

While you could fake a Visited Web Page activity using the Munchkin API, you don't want a VWP here because it will appear as if the page is under DomainA.

Hi James,

"Visit web page" activities are logged by the munchkin code, not by the URL click tracking (which would lead to a "click link" activity). The activity will be logged only if the lead is known in both domains, meaning a Marketo form has been posted in both domains.

-Greg

"Visit web page" activities are logged by the munchkin code, not by the URL click tracking (which would lead to a "click link" activity).

Click Link in Web Page is logged by Munchkin.

Click Link in Email is not logged by Munchkin.

FTR....