Re: Prefill forms on external pages help

Anonymous · ‎08-10-2016

I'm trying to figure this out. I've followed this page:

http://developers.marketo.com/blog/external-page-prefill/

...and the links within.... I'm still at a loss on how to pull this off. Is there a code example I can follow somewhere?

I was able to get the auth and endpoint setup along with the token (which seems to go invalid a lot) - I was able to paste in the address bar and see proper data come back into the browser (https://<host>/rest/v1/leads.json?filterType=cookie&filterValues=<cookie>&fields=email,firstName,lastName,company&access_token=<token>) - but where do I go from here? I am quite certain I have all the pieces setup and ready to go, but don't know how to put them all together to get forms to be prefilled.

Anonymous · ‎02-14-2018

One work around that I've done in the past is to use a Marketo form and populate it on the landing page via an iframe. It's not an ideal solution, but it allows you to use the pre-fill functionality of a Marketo form on the page that you desire, without the security concerns.

SanfordWhiteman · ‎02-14-2018

This is a much more reasonable solution than people give it credit for -- I'd much rather see IFRAMEs than these other fragile solutions.

Alok_Ramsisaria · ‎08-11-2016

Andrew Yaple

We have a couple of Marketo Add-ons which can help you with this. The external landing pages where you want the pre-fill to work, which platform are they built on?

Nav_Singh · ‎08-16-2016

Is there a straight-forward way to do this with ZenDesk?

Alok_Ramsisaria · ‎08-17-2016

Navtej Singh

Yes, it can be done with Zendesk as well. Drop me a line at alok@grazitti.com and we can discuss in detail.

Anonymous · ‎02-13-2018

Hi Alok,

I was just wondering if you had any information on how I would achieve form prefills where the form is sitting within wordpress. I have found myself in the same position, being able to call and receive data but not sure how to piece it all together.

SanfordWhiteman · ‎02-13-2018

Not sure what you're asking, Kurt.

If you're fetching the data in PHP before the page is rendered, then the most efficient way is to export a JavaScript object into the page content in a <script> block and call the Forms API setValues method in that same inline script.

Or you can create a webservice and invoke it via XHR while/after the document content loads (preventing API slowdowns from affecting site performance) and call setValues in the callback.

Of course most such implementations are done incorrectly. (I'm skipping over the inherent DoS vulnerability for the moment and talking about how the Forms API works. For example, the plugin referenced above is implemented incorrectly on the JavaScript side and creates duplicate requests.) So you must be diligent about order of operations and the essentially asynchronous nature of Marketo form rendering.

SanfordWhiteman · ‎08-16-2016

In which direction? zE.identify() can bring data into the ZenDesk widget. Please be specific about where the user will and won't be identified in you scenario.

I should mention that the add-on noted above, however attractive, is still using the methods recommended against in my first post.

SanfordWhiteman · ‎08-10-2016

You cannot access the REST API directly from the browser. The security impact would be catastrophic.

The intent of that blog post is to describe a way that custom server-side code can be used as a gateway between the browser and your Marketo database. However, it is still a very bad idea unless you build in deliberate security and rate-limiting features. Ultimately, you shouldn't create any architecture that uses one API call in response to one uncontrolled end-user action. You don't have enough calls for that.

Anonymous · ‎08-10-2016

So, if I understand correctly, utilizing a method of pre-filling form fields on an external page is not a very good idea?

SanfordWhiteman · ‎08-10-2016

Utilizing a method is not a bad idea, but using that method is a bad idea (especially if you are not a server-side developer).

Anonymous · ‎08-22-2016

Sanford, in your opinion, would a sufficient rate limiter be something like setting a cookie to store the variables, and only doing the API call if the cookie isn't set? As I understand it, your concern is about hitting the API every time someone visits a page. This would seem to get around that.

Nav_Singh · ‎08-23-2016

Created a modified flow on that idea to store that the a form has been filled in a cookie. If the cookie is not present then it won't redirect them past the form. No API calls employed right now. Doesn't seem really efficient.

SanfordWhiteman · ‎08-22-2016

No, because (a) that's still one API call for every new legit visitor per day and (b) that means any malicious visitor just needs to disable/not send cookies.