Restrict access using SOAP API for launch point partner

Anonymous
Not applicable

Restrict access using SOAP API for launch point partner

Hi,

We are looking at integrating Wistia, a video analytics tool launchpoint partner to our Marketo using the SOAP API. However we have converns over giving open access to our database through the API and want to restrict this to one-way traffic only, which is all Wistia requires. Does anyone know a what of doing this?

Thanks

4 REPLIES 4
Josh_Hill13
Level 10 - Champion Alumni

Re: Restrict access using SOAP API for launch point partner

I would ask Support on both sides how their code works. If this kind of security is a concern, you may want to put in some middleware.

It depends a bit on how wistia uses the API and what data it can import. What's your real concern here?

Anonymous
Not applicable

Re: Restrict access using SOAP API for launch point partner

Hi Josh,

Thanks for your response. Our main concern is becuase we hold Government data we cannot give access to data to any third parties. Wistia only push cookie informaiton through the API, but becuase the API is open it does give them access.

I will look into the middleware option.

Thanks

Josh_Hill13
Level 10 - Champion Alumni

Re: Restrict access using SOAP API for launch point partner

Yes, you may have to push data to Boomi or another tool, then to another database, then have a one way update process to field blocked fields or even tertiary fields to avoid potential data overwrites.

Or just have Wistia push a file to you for upload.

SanfordWhiteman
Level 10 - Community Moderator

Re: Restrict access using SOAP API for launch point partner

"Push cookie information" is pretty vague.  It suggests write-only access to leads, which wouldn't exactly be protecting your data (it may be protecting it from being read, but not from being overwritten).  What is the actual SOAP API method being called?  Is it syncLead?

No matter what, you should be telling them to use the REST API yesterday. The SOAP API can't be restricted, but at least a REST API-only user can be  given strategic access to only particular objects and have its access revoked.  Still, there comes a moment where if if needs to update an object, it needs access.