SanfordWhiteman

With (7) you open your Marketo instance -- and this form post implementation in particular -- to an easy Denial of Service (DoS) attack. Unless you're paying $ for more API calls, you only have 10,000 API calls per day to be shared among all of your integrations. The daily limit can be just fine as...

DJ, I don't think you're passing form data using Munchkin... Munchkin primarily tracks page views and clicks.There are no values stored in the Munchkin cookie. This is a common misperception. The Munchkin cookie associates your browser activities with a new or preexisting lead. The Munchkin API ass...

Certainly the client-side hidden form post is technically possible, since it doesn't involve server code at all (that is, if you didn't have a server you controlled, the server-side options wouldn't be available, but you almost always have control on the client).There are 7 technologies I can think ...

Lindsay, the decision to use an API call for every form post was reckless. You can tell your engineering team I said that. I strongly recommend you change the architecture. You can still use your custom form but use a hidden form post​ as detailed by Marketo's Kenny E. Then you will no longer be...

Jodie, the expression "trigger an email campaign" suggests you want to listen for Data Value Changed events. Thus the value needs to be some kind of Marketo field. While it's theoretically possible to use methods like a "sentinel" score field that you increment when you want to trigger a campaign (...

I'm talking about the DoS risk aspect in addition to the PII leakage aspect. With 10,000 API calls per day shared among all your integrations, you're taking a tremendous risk by allowing individual web actions to take up one API call each. A malicious individual with just a simple cable connectio...

Please read my comment here about the API-based prefill method.

But the technique in that blog post creates a DoS vulnerability for your Marketo instance. A company with an understanding of risk -- if not security per se -- should reject that option out of hand. You'd be ignoring the security concern and allowing malicious users to break your other integrations...

It is still officially the case, for sure. There are, however, crafty ways to engineer this functionality. I demoed one of them at the NY MUG in August. If you want to know more about it, follow me, then I'll follow back and you can PM me. Or just hit me at sandy@figureone.com.

MktoForms2.loadForm("//app-aabb.marketo.com", "XXX-YYY-ZZZ", 123, function(form) { form.setValues({ 'LastFormHostPage': document.location.hostname + document.location.pathname }); });