I want to build a custom Unsubscribe form that uses the Marketo REST API to make it happen. Easy enough to update an existing lead but what if the email address is net new? We believe we have a legal obligation to get them loaded up in the Durable Unsubscribe list even though they aren't a lead. Any way to do that directly? We tried a very simple upsert with email address and unsubscribe set to true but the API returned "skipped" and left us wondering if that meant the API was being totally awesome and wrote to the Durable Unsubscribe list or if it didn't like our attempt at all. Anyone know? Anyone know how to get visibility into our Durable Unsubscribe list? If I could do that I'd be able to double check that whatever method I'm using is working properly.
Since we don't want these to count against our DB Size, my back up plan is to create a new lead explicitly, set Unsubscribe to True, wait a couple hours and then delete it. I feel confident that will meet all my requirements but leaves me wishing for a simpler operation. Maybe unsubscribe should be a first class API call.
I opened a support ticket too so if I learn something there I'll update here.
Hi David
Sanford Whiteman would tell you : NEVER use the rest API from a client side code, including a form. It enable Do Attacks very easily.
Now, when you mark a lead as "unsubscribed" (field : unsubscribed, value = True), the email address will be automatically loaded to the durable unsubscribed list, including from the API. SeeDurable Unsubscribe
-Greg
Thanks, Greg. You knew I was about to say it. Moreover, there is no reason to even be tempted to use the API here. A Marketo native form post (or custom form post to the endpoint) by definition performs an upsert.
I guess I didn't state the obvious. I'm talking about a custom form on my own domain handled by server side code (C# in our case). I've never even imagined someone attempting to use the REST service from client side javascript *shudder*.
Any advice with that clarification in mind?
The article you linked to mentions the SOAP API in the context of updating an EXISTING lead. I've done that with the REST API already. That article makes it sound like my back up plan the only option available.
Any way to download/view the list so i can verify if my server side REST API attempt worked?
Hi David Twamley,
The simplest way it to link your custom form to a hidden Marketo form that will fire in the background on the client side, as explained here : Make a Marketo Form Submission in the background
-Greg
If you proxy every form post to Marketo, you're subject to exactly the same DoS attack. Someone with a 56K modem and hardly any skill could bring down your functionality in a half-hour, making it nonoperational for the rest of the day. Simply put, if you aren't doing bulk actions, don't use the API.
In this case, you want to upsert a lead with unsubscribe either preset or changed to True. Use the forms endpoint -- that's what it's for. From the client side. You can use a form that looks however you want it to, and have it post to IIS as well if you need to for some reason. But post to the Marketo forms endpoint. Or, alternately, use Munchkin associateLead, which is also client-side and unmetered.
I weed out noisy submissions before sending them over but your point is taken. I did hit our 10,000/24hr api limit once a couple months ago due to some heavy vulnerability scanning getting past my weeding out algorithm. The good submissions were queued and I pushed the good ones through when the API limit reset. I'll give buik actions some real consideration.
I just created two ideas that I think would be helpful here
Thanks
The problem isn't just the vulnerability of this particular functionality. It's that every API call unnecessarily used is an API call that you can't use for another integration where there is no better, unmetered alternative.