3 Replies Latest reply on Sep 30, 2014 9:35 PM by 67727

    form pre-fill using email link

      Hi, I want to pefill a Marketo form using a Marketo sent email. I understand that this can be done by using cookies, or passing parameters in the query string. However, I am concerned about the following issues:

      - If cookies are disabled by the client browser, the form will not get filled.

      - In case of using query string, the information is a little sensitive and I am not sure of how safe this approach would be. Can the information be hidden in the url? Alternatively, can it be encrypted. If yes, what would be the approach?

        • Re: form pre-fill using email link
          Kyle Halstvedt

          Is this Marketo form hosted on a Marketo landing page, or embedded somewhere else? Have the users you are targeting already been cookied on the form's domain by Munchkin?

          The querystring method does have its pitfalls, and without SSL encryption, that information is sent in-the-clear. If the page you are sending the request to has SSL (and the request is sent via HTTPS), the request itself (including the URL and its querystring parameters) is encrypted. This does protect the contents of the querystring from basic packet-sniffing.

          However, the URL + querystring would be stored unencrypted in multiple, potentially insecure locations:
          - The email body
          - The user's browsing history
          - The webserver's logs

          Depending on how sensitive the information is, this could be a dealbreaker, specifically because you are storing the unencrypted information on someone else's computer (your user's).

          Hope this helps.

          • Re: form pre-fill using email link
            Let’s first answer your questions.

            Yes, if cookies are disabled the form won’t work. Cookies store data that the form looks for to prefill form fields. With cookies disabled, not data is store and Marketo won’t prefill anything. If cookies are disabled, most likely JavaScript will be also disabled in which case NOTHING will work, not cookies, nor URL parameters, nor even the Marketo forms.  

            Passing information through the URL will work but a few caveats:
            1.           URLs might end up being really long
            2.           Other tracking tools that you might be using (Google Analytics) will also store the data passed in the URL. In the case of google analytics it will track the page views for that page for every different values passed in the URL which might create reporting problems later.
            3.           Passing personal identifiable information should never be done. Same for any sensitive information you have.
            4.           The URL can pass parameters through a GET method or a POST method. POST will be what you say hidden but the Marketo form won’t find it. Also you cannot make POST requests from an email.
            5.           You could go through the trouble of encrypting the values in the URL but then Marketo will prefill with the encrypted info. You could work a way to decrypt the values on the client side using JavaScript but it will be challenging. Again if JavaScript is disabled this won’t work.
            I think the best approach will be to use session cookies so the values are stored only while the browser is open. If the cookie is created from the server, maybe you can pass a token within the URL and use that to fetch for the parameters that you will store in cookies that then Marketo will grab for the form. Keep in mind that Marketo will not create the cookie; it uses the values of cookies created in your domain. Also if you are using Marketo landing pages you do not have access to server side and your cookies will be created on the client side which will be insecure for your data.

            This might look complicated but any web developer (well maybe not any) will be able to work with you. I do not believe that Marketo will solve your problem out of the box.

            Good luck!
            • Re: form pre-fill using email link
              Hi, Thank you for your replies.

              Kyle - The form is embedded in a Marketo Landing Page, but we are not using SSL encrypted forms at the moment.
              As far as storing that information on the user's computer is concerned, that is not too much of an issue since it is that user's information itself.
              However I understand that this is not the safest way to go about it, which is why I think that using a session cookie, as Fernando has suggested, will be a better approach.

              Thanks again for the answers!