1 Reply Latest reply on Aug 12, 2015 9:51 AM by Sanford Whiteman

    SOAP and Rest API accept any string value including invalid email addresses in email field

      We have recently discovered that although Marketo has validation rules for the email field when you enter the information directly into Marketo or attempt to update and email address those same validation rules do not apply when the API is used.  We discovered this defect when we noticed data corruption while merging possible duplicates.  In our case the value entered into the email field was "Array" because there were multiple email addresses stored in the email field that was mapped via our Sugar CRM connector. 

       

      Although Sugar CRM has validation rules on their side which would not allow Marketo to push invalid emails into Sugar, Marketo's API does not.

       

      It appears the validation rules in the Marketo interface are the following:

      1. Must have at least 1 alphanumeric at the beginning
      2. Must have an @ sign
      3. Must have at least one alphanumeric following the @ sign
      4. Must have a period (.)
      5. Must have at least 2 alpha after the period

      The API allows any value to be entered.  Marketo support has confirmed that "The expected behavior for both the SOAP and Rest API is to accept any string value passed to the Email field. The same is true for any native CRM integrations with Marketo where a CRM would allow invalid Email Addresses to be stored and as a result they will sync down to Marketo. You'll want to validate the information when it's being captured prior to being sent to Marketo through the API."

       

      In Sugar multiple email addresses can be stored in email1 as an Array.  In our case the word "Array" was inserted into the email field in Marketo in every record where there were multiple email addresses.  At minimum the result is an endless loop of activity in the logs indicating a continues reset of the unsubscribe value.

       

      Has anyone else encountered this?  Does anyone else think there should be validation of the email address field?

        • Re: SOAP and Rest API accept any string value including invalid email addresses in email field
          Sanford Whiteman

          It isn't standard for APIs to perform this kind of check -- not that they couldn't, but it isn't a defect if they don't IMO.  Field validation at the UI level is usually best-effort (especially for things like emails) and it's actually a good thing that you have a way around it.  For one example, if your CRM uses non-traditional ways of storing email addresses, such as the old Lotus Notes messaging format, you don't want to lose that data or block the sync, or if your CRM allows a user to store an address with angle brackets, and so on.

           

          Since Sugar is letting you store multiple email addresses, don't you have to create a workaround in Sugar?  Seeing 'Array' suggests that toString() was run on a PHP array that doesn't have an overloaded serializer.  That didn't happen in Marketo, right?