I've been tasked with something that's a bit out of my depth. Here's a quick rundown of the process I'm supposed to enact:
1. Person gets email with a link to fill out a Gravity Form on our own website
2. Marketo sends data about the person (including their email address and some other attributes) to the form
3. The form sees this info coming and hides any fields that are prefilled from the form
4. Person fills out any missing info and hits "Apply" button. Sees "Thanks for applying" message
In an ideal situation, Marketo will have all of the data needed by the form and upon clicking the email link, they will just see a "thanks for applying" message and be done with it. At first I thought, "I can just append the data to the URL generated when they click the link" but I'm definitely not going to do that with someone's email address. I searched around on here and keep seeing people talk about a solution on a page that no longer exists (http://developers.marketo.com/blog/external-page-prefill/). Of course I also saw a bunch of people comment on how that method wasn't secure, so that's probably why it's gone.
Does anyone know a secure method to accomplish this? I'm generally pretty good at reverse engineering things so if there's a tutorial that comes anywhere close to what I'm describing, I'll gladly try to work it out. I just can't find anything in the documentation that's anywhere close to what I'm trying to do.
Search for "SimpleDTO." That's my cross-domain Pre-Fill solution, works for any form (or just for personalization), trusted by dozens of sites.
You can make it as secure as you want — as secure as native pre-fill, i.e. only using mkt_tok, or slightly looser.
> At first I thought, "I can just append the data to the URL generated when they click the link" but I'm definitely not going to do that with someone's email address.
FTR, most people’s (relative) concerns about this are vastly overblown. Any link that automatically fetches the person’s email address value is as insecure as appending the value itself.
That is, if https://click.example.com/1234 takes me to https://pages.example.com/somepage.html?mkt_tok=5678, and /somepage.html pre-fills my email address, there’s no material difference between that and sending https://pages.example.com/somepage.html?email=sandy@example.com&mkt_tok=5678. In both cases, if I manage to snatch the tracked URL, I have your email address.
Lots of energy is wasted worrying about “PII in GET” that just amounts to the same leak in the end, because the email address is revealed on the destination page without user intervention. (On the other hand, if you never fetch the email address or any other data, that’s a different story.)
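
The difference between fetching values and never fetching them, as an added example that is not part of the original thread and is not Marketo or SimpleDTO code: a value-returning pre-fill hands the email address to whoever holds the tracked URL, while a presence-only response lets the form hide known fields without revealing them. The in-memory lead store, the function names and the token lookup are assumptions made for illustration.

```javascript
// Added example with constructed data and hypothetical names.
// Constructed lead store keyed by the tracking token carried in the link.
const LEADS = new Map([
  ["5678", { email: "sandy@example.com", firstName: "Sandy", company: null }],
]);
const FORM_FIELDS = ["email", "firstName", "company"];

// Look up the lead for the token in the URL (undefined when unknown).
function leadFor(url) {
  return LEADS.get(new URL(url).searchParams.get("mkt_tok"));
}

// Design A: pre-fill by value. Stored values are sent to the browser,
// so anyone holding the URL reads them, same as ?email=... in the link.
function prefillByValue(url) {
  const lead = leadFor(url);
  if (!lead) return {};
  return Object.fromEntries(
    FORM_FIELDS.filter((f) => lead[f] != null).map((f) => [f, lead[f]])
  );
}

// Design B: presence only. The browser learns which fields to hide,
// never the values behind them.
function knownFields(url) {
  const lead = leadFor(url);
  return lead ? FORM_FIELDS.filter((f) => lead[f] != null) : [];
}

// Server-side submit for design B: join typed input with stored values.
// Stored values take precedence (a choice made for this example).
function submit(url, typed) {
  const lead = leadFor(url) || {};
  const record = {};
  for (const f of FORM_FIELDS) {
    record[f] = lead[f] != null ? lead[f] : (typed[f] ?? null);
  }
  return record;
}

// True when a response body would reveal the given value to a URL holder.
function leaks(response, value) {
  return JSON.stringify(response).includes(value);
}
```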