SOLVED

Re: Validation on form submission

Go to solution
Simon_Lessard
Level 4

Validation on form submission

Hey,

Our web team came to me asking how they can leverage Marketo api to get to this goal:

Only people (email addresses) attending an event can access content behind a non-Marketo form, hosted on a non-Marketo page.

I want to give guidance to devs and I want to have your feedback on those paths:

1. Static list api - Upon form submission, a validation is performed to see if the person is member of static list

2. Program membership + status - Upon form submission, a validation is performed to see if the person is member of event program with "attended" status.

What other path should I explore?

Thanks for your feedback

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Validation on form submission

We call this a Lead Lookup Form as opposed to "validation" (since the concept of validation and the onValidate event exist as part of the Forms 2.0 JS API and don't really have anything to do with this).

The answer is actually that neither of these lookup methods can be used from a public-facing form.  It's a gaping Denial of Service hole if you should attempt to use any Marketo API for untrusted requests.

What you can build, without the API, is a lookup form based on lead field values or segment membership, since those can be (after a fashion) interrogated by polling for the lead to be associated and loading an LP with representative tokens/content.

View solution in original post

2 REPLIES 2
SanfordWhiteman
Level 10 - Community Moderator

Re: Validation on form submission

We call this a Lead Lookup Form as opposed to "validation" (since the concept of validation and the onValidate event exist as part of the Forms 2.0 JS API and don't really have anything to do with this).

The answer is actually that neither of these lookup methods can be used from a public-facing form.  It's a gaping Denial of Service hole if you should attempt to use any Marketo API for untrusted requests.

What you can build, without the API, is a lookup form based on lead field values or segment membership, since those can be (after a fashion) interrogated by polling for the lead to be associated and loading an LP with representative tokens/content.

Simon_Lessard
Level 4

Re: Validation on form submission

Hey Sanford, thank you for the explanation