Re: Prefill forms on external pages help

Anonymous · ‎08-10-2016

I'm trying to figure this out. I've followed this page:

http://developers.marketo.com/blog/external-page-prefill/

...and the links within.... I'm still at a loss on how to pull this off. Is there a code example I can follow somewhere?

I was able to get the auth and endpoint setup along with the token (which seems to go invalid a lot) - I was able to paste in the address bar and see proper data come back into the browser (https://<host>/rest/v1/leads.json?filterType=cookie&filterValues=<cookie>&fields=email,firstName,lastName,company&access_token=<token>) - but where do I go from here? I am quite certain I have all the pieces setup and ready to go, but don't know how to put them all together to get forms to be prefilled.

SanfordWhiteman · ‎08-10-2016

You cannot access the REST API directly from the browser. The security impact would be catastrophic.

The intent of that blog post is to describe a way that custom server-side code can be used as a gateway between the browser and your Marketo database. However, it is still a very bad idea unless you build in deliberate security and rate-limiting features. Ultimately, you shouldn't create any architecture that uses one API call in response to one uncontrolled end-user action. You don't have enough calls for that.

Anonymous · ‎08-10-2016

So, if I understand correctly, utilizing a method of pre-filling form fields on an external page is not a very good idea?

SanfordWhiteman · ‎08-10-2016

Utilizing a method is not a bad idea, but using that method is a bad idea (especially if you are not a server-side developer).

Anonymous · ‎08-22-2016

Sanford, in your opinion, would a sufficient rate limiter be something like setting a cookie to store the variables, and only doing the API call if the cookie isn't set? As I understand it, your concern is about hitting the API every time someone visits a page. This would seem to get around that.

SanfordWhiteman · ‎08-22-2016

No, because (a) that's still one API call for every new legit visitor per day and (b) that means any malicious visitor just needs to disable/not send cookies.

Nav_Singh · ‎08-23-2016

Created a modified flow on that idea to store that the a form has been filled in a cookie. If the cookie is not present then it won't redirect them past the form. No API calls employed right now. Doesn't seem really efficient.

Alok_Ramsisaria · ‎08-11-2016

Andrew Yaple

We have a couple of Marketo Add-ons which can help you with this. The external landing pages where you want the pre-fill to work, which platform are they built on?

Nav_Singh · ‎08-16-2016

Is there a straight-forward way to do this with ZenDesk?

SanfordWhiteman · ‎08-16-2016

In which direction? zE.identify() can bring data into the ZenDesk widget. Please be specific about where the user will and won't be identified in you scenario.

I should mention that the add-on noted above, however attractive, is still using the methods recommended against in my first post.