SanfordWhiteman

Add Munchkin via GTM. That is what you should be testing. (GTM has a special plugin for GA, which means that is not an appropriate testbed.)Technical rule: any elements injected into your markup can be scraped. It's just a fact of browser life.

I feel like we told them the domains we had in the beginning. I thought it was just for this purpose. I could be wrong, this is my tenth instance or so I've touched. You probably are thinking of branding domains, landing page domains, or setting up SPF/DKIM for sending domains. Those are all differ...

Within the above code will contain your Munchkin Code, but it's not actually visible on the site's HTML markup, therefore it keeps your code secure and out of harms way.This is not true, but I'm not going to belabor the point with you if you won't test.

The whole concept of someone being able to swipe your Munchkin code, which is one of the most valuable aspects of Marketo, on ACCIDENT at that, is ridiculous. It completely degrades the quality of your analytics, which in my instance, is a pivotal part of my daily operation.It's a pivotal part of ev...

So even if someone steals your GTM code, with the Marketo Munchkin code buried in itThat''s not what happens. They scrape your website's HTML. That has your Munchkin code not "buried" in it but right there in the markup, injected by GTM before your enemies scrape the site.GTM firing rules determi...

P.S. The same approach is used by embedded Forms 2.0. They can go on any website. And this "decontrol" is, in the end, a good thing. Because based on what I know about Marketo users, they are focused on Marketing and Marketing Ops, but not Web Ops. I know it may seem like a stretch to call this ...

@Michael R There's isn't any such rigorous setup procedure. I can load Munchkin on any of our domain aliases. And rightfully so because we use all of those in advertising.Certainly I can't imagine what contract is being breached as Marketo has no way of knowing that isn't just another site you oper...

A way Marketo could (partially) prevent this would be to have an advanced mode where you would have to list every single domain from which you want to accept analytics calls. This would have to include custom VisitWebPage calls as well. Would also have to be an opt-in feature for Marketo's customer...

Make sure you have either populated your local trusted certs or ignore cert validation.

How are you currently using the SOAP API? Are these strings "Public" and "User" being used as defaults in your code?