In January 2021, we released the Submit Form API endpoint to give Marketo Engage integrators the ability to submit to Marketo Forms through a supported and authenticated REST endpoint. Thanks to customer feedback we were able to identify a lack of parity for critical functionality such as correct handling of duplicate records and support for Program Member Custom Fields. These issues blocked some integrators from successfully onboarding onto the Submit Form API endpoint.
In our August release, we have enhanced the Submit Form endpoint to handle duplicate records the same way as Marketo forms. When there are duplicate records that match an email address submitted to the form, the endpoint will update the record with the most recent Last Modified Date.
In our October 22, 2021 release, we plan to release support for Program Member Custom Fields for the Submit Form REST API endpoint. We understand that integrators will need time to update and test these new changes before they can fully onboard onto the Submit Form endpoint. To allow additional time for migration, we are delaying blocking programmatic POSTs to the /save2 endpoint to our January 21, 2022 release. This will be the final extension.
Programmatic submissions to our form endpoints remain unsupported despite this delay. Please work to update integrations submitting via this method to one that is supported: Marketo Engage forms on Landing Pages or using the embed code, our Forms2.js API, or the Submit Form API endpoint.
In November 2020, we announced that we will forbid programmatic Form POST submissions to our /save and /save2 endpoints beginning May 7, 2021. The reason for this change is to reject methods of unsupported form submissions used by bots to fill customer databases with spam data.
We understand that many customers may need more time to update the integrations to use a supported method such as the Forms2.JS API or the Submit Form REST API endpoint. We have decided to extend the deadline in which we will begin blocking all programmatic Form submissions to take place on October 15, 2021. Programmatic FORM submissions continue to be unsupported and while we are temporarily delaying enabling validation to reject these submissions, we cannot ensure uninterrupted submission following upcoming product and infrastructure changes.
For customers that still wish to block this method of form submission to address bot attacks, will allow you to opt-in to form submission validation on your subscription. This validation will check that form submissions are coming from Marketo Forms, Forms2.js API, or the Submit Form REST API and will reject it otherwise. This is expected to block many common sources of bot attacks.
However, if you have a form integration that currently uses programmatic Form POST to submit lead data, enabling this feature will also block your Form submissions. We encourage all customers to migrate to a supported method of form submissions as soon as possible to protect their subscriptions from bot attacks.
The original announcement is below for reference. The details remain the same aside from the schedule to block programmatic form POST submissions.
In our May 7, 2021 release, Marketo Engage will be making changes to our form platform to protect the stability and security of our infrastructure:
On August 1, 2017, Marketo Engage deprecated the Forms 1.0 editor, removing the ability to create or edit Forms 1.0 assets. This change will complete our end of life efforts for Forms 1.0.
In addition, we have found that our Form endpoints “leadCapture/save” and “leadCapture/save2” are common targets for bot attacks. To protect the stability of the Marketo Engage infrastructure, and to aid customers in maintaining a clean database, we are completely disabling the “leadCapture/save” endpoint and enforcing checksum validation on the “leadCapture/save2” endpoint.
Provisioning of Marketo Engage subscriptions with the ability to create Forms 1.0 assets ended December 31, 2014. If your subscription was provisioned after this date, then it will not have Form 1.0 assets. Forms 2.0 assets will be unaffected by this change.
Marketo Engage subscriptions provisioned before December 31, 2014 may still be utilizing Forms 1.0 assets on their landing pages and website. These forms will need to be remade in our Forms 2.0 editor and replaced wherever they are still being used.
Some integrations may be performing programmatic form POSTs to “leadCapture/save" or “leadCapture/save2” to submit data into Marketo Engage databases. This method of data ingestion has always been unsupported and will cease to work as part of this deprecation. All integrations using programmatic form POSTs must be updated to use our Forms 2.0 API, Push Lead REST API, or the Submit Form REST API endpoint releasing in the January 2021 release.
Customers using native Forms 2.0 assets on pages and/or the Forms 2.0 API do not need to take any action. Checksum validation will work natively with these supported methods.
Customers that fail to replace any in-use Forms 1.0 asset with a Form 2.0 asset will find that their customers will be unable to submit to their 1.0 Forms.
Customers using integrations that perform programmatic Form POSTs to the “leadCapture/save” or “leadCapture/save2” endpoints will see these integrations fail, resulting in loss of form submission data.
Forms 1.0 and Forms 2.0 have different look and feel:
Forms 1.0
Forms 2.0
Marketo subscriptions provisioned after December 31, 2014 will only have Forms 2.0 assets.