16 Replies Latest reply on Oct 22, 2015 11:43 PM by Sanford Whiteman

    Web form API Sync into Marketo - Not Marketo Form - Help!

    Lindsay Zanga

      Hi all,

       

      I wanted our demo request form to be a marketo form but our engineering team insisted on creating our own form and then having an API call into marketo (not sure why they refused to just drop the iframe code in from my pretty form).  Because of this I can't use standard trigger campaigns based on "fills out form" instead I am needing to use a trigger of "lead is created and original source info = web service API or lead source = demo request".  I am wondering if others have forms that sync via API that could give some guidance/best practices on how they manager their trigger campaigns.  Some concerns that I have and am wondering if others have workarounds are:

       

      • Right now when someone submits the demo request form the system would fill in the "lead source" field to be "demo request". However, if the lead is not net new to the system I do not want to override the original source with the new "demo request" source.  But if this is not overridden I do not know how I will know if someone submitted a demo request form or not.  Any ideas on how I could do a workaround? I was wondering if I could do a marketo field checkbox field that passes over via API to say demo request = True.  Then I could run my trigger campaign on "lead source = demo request" or "data value changes and demo request checkbox = true".  I have heard from some people that you shouldn't have more than 1 trigger per smart campaign - is this true? What are the implications of having more than one?

       

      Thanks in advance to anyone who can provide some advice!!

      Lindsay

        • Re: Web form API Sync into Marketo - Not Marketo Form - Help!

          Hi Lindsay,


          Not sure if this will help you. If your major fear is having the field update, you could block the field update from forms fills so the original source will never be overridden. You would go to administration/field management / click on the lead source field/ field actions / block field updates. You can drill down on what you want to block by clicking on block field updates.

           

          Hope this helps.


          Steve

          • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
            Mel Dadoly

            Hi Lindsay,

             

            If you use a server side form post, you can log a form fill activity in Marketo because this posts to a Marketo form (this allows you to continue to use the non-Marketo form). This blog post from our dev blog has more details on that:

            http://developers.marketo.com/blog/server-side-form-post/

            3 of 4 people found this helpful
            • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
              Sanford Whiteman

              Lindsay, the decision to use an API call for every form post was reckless.  You can tell your engineering team I said that. 

               

              I strongly recommend you change the architecture.  You can still use your custom form but use a hidden form post as detailed by Marketo's Kenny E. Then you will no longer be inviting malicious use of your (and Marketo's) infrastructure, and you will be using real form posts so you can trap those events appropriately.

              2 of 2 people found this helpful
                • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
                  Conor Fitzpatrick

                  Hi Sanford,

                   

                  I'm also trying to use an external form to submit into Marketo (HR forms for job applicants) and read Kenny's article. However, I didn't understand how to reference the values in the external form so they'd match up with the corresponding hidden fields in the Marketo form (i.e. how we get test@example.com to be what the user inputted in the non-Marketo form). Can you provide any insight on how to accomplish that?

                  • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
                    Lindsay Zanga

                    Thanks for your advice! As with the Server Side post I have passed this on to my dev team in hopes that this is a solution we can use.  Unfortunately I am not very knowledgable on the API and coding aspects so I will need them to tell me if it is possible. Fingers crossed!! Thanks again

                      • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
                        Sanford Whiteman

                        Certainly the client-side hidden form post is technically possible, since it doesn't involve server code at all (that is, if you didn't have a server you controlled, the server-side options wouldn't be available, but you almost always have control on the client).

                         

                        There are 7 technologies I can think of that could all be described as "posting form data to Marketo."  In decreasing order of preference:

                         

                        1. Display a Marketo form on a Marketo LP.
                        2. Display a Marketo form on an external site using the embed code.
                        3. Display a Marketo form on an external site by embedding a Marketo LP in an IFRAME.
                        4. Display a custom form on an external site and post the data directly to Marketo using the Forms 2.0 API (what we are calling a hidden form post).
                        5. Display a custom form on an external site and post the data directly to Marketo using custom XHR/iframetransport library
                        6. Display a custom form on an external site and post the data to a remote server, then use standard HTTP x-www-form-urlencoded POST to resend the form fields to Marketo.  Do this only if you must not use (4) of (5) for some reason.
                        7. Display a custom form on an external site and post the data to a remote server, then use the Marketo REST or SOAP UIs to update the Marketo database.  Never do this unless you have a compelling technical reason and are aware of the consequences for the reliability of your site.
                        4 of 4 people found this helpful
                          • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
                            Justin Norris

                            Sanford Whiteman

                             

                            Epic list

                             

                            Can you elaborate on the technical consequences of using (7)?

                             

                            (4) seems like the clear way to go when you must use a custom form. Benefit of keeping the fills out form trigger and it's all client side.

                             

                            Do you know if there's any rate limiting or other restriction as with a server-side post?

                              • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
                                Sanford Whiteman

                                With (7) you open your Marketo instance -- and this form post implementation in particular -- to an easy Denial of Service (DoS) attack. Unless you're paying $ for more API calls, you only have 10,000 API calls per day to be shared among all of your integrations.  The daily limit can be just fine as long as you always batch + bulkify your calls. If you have multiple disparate integrations running, set a hard daily max for each or, much better, run them all through a central integration server that acts as your resource governor.

                                 

                                But if you let every form post consume an API call, then a malicious user with a simple home connection can quench your entire daily limit in less than an hour (the API itself limits you to 100 calls every 20s, so it would take all of 33 minutes to send 10,000 calls).  Even if s/he decided to be more leisurely about it, 10,000 is a really low number when you're talking about web hits.  By running what amounts to an API proxy on your public server you're inviting people to deny service to your other API apps -- and, even in the absence of other apps, they can deny service to your forms.

                                 

                                With (4) there's no additional rate limiting beyond 30 posts every 1m per IP address.  Marketo may have some unpublished anti-abuse measures at a much higher level, but those are likely not going to punish your whole instance.

                              • Re: Web form API Sync into Marketo - Not Marketo Form - Help!

                                Does this meant that I can POST to Marketo web servers to create/update a lead record without having to count against my REST API call limit?
                                Does this work for things other than forms? (activities, custom objects, ...)

                                  • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
                                    Sanford Whiteman

                                    You can use the form submission endpoint from a server application, yes. But as you'll be connecting from the same IP, you can only use it once every 2 seconds.  It's not meant as a server API.  (That's why server-side form posts are not a real solution to the dangers of an unmanaged REST API, they just shift the problem around.  Instead of losing posts after the 10,000th hit, you can lose form posts during any period of high traffic.)

                                     

                                    For occasional use, it can definitely be useful, but if you're concerned about 10,000 API calls a day and you're already properly bulkifying your calls, you're well beyond the range of "occasional"!  What kind of stuff are you doing with REST right now?

                                     

                                    P.S. The form endpoint only processes data you can post from a true Marketo form. You can't access those other objects from forms.

                                    1 of 1 people found this helpful
                                      • Re: Web form API Sync into Marketo - Not Marketo Form - Help!

                                        You can't access those other objects from forms.

                                         

                                         

                                        Thanks for the answer!

                                         

                                        We're just in the beginning of integration. We're going the "Marketo-facing integration server cluster" part where anything aimed in that direction goes to a particular pool of workers, for batching and such. We have > 10 years of pre-existing systems, and want Marketo more as a GUI front-end for our marketers, than as a total e-mail/messaging platform, so our integration is somewhat different. Also, we don't have a user's e-mail until they've decided to register for our application (an online game) so we don't as much follow the "browse, whitepaper, newsletter, convert" path -- instead, we already have the user "converted" but now we want to monetize. (And our main channel to users isn't even e-mail -- it's in-game messaging, somewhat like Facebook messaging or a game Guild forum. Fun times!)

                                         

                                        We're actually paying extra for more than 10k API calls per day, because we can't keep Marketo as our system of record for user data -- that has to be in our existing player/user database. Thus, even with batching, there will be significant churn. We also can't really use the public forms API, because the way un-authenticated users can update leads in the Marketo database would be found and gamed by our customers in very little time (they are a creative and tenacious bunch, ferreting out any ***** in the armor to get a leg up.)

                                         

                                        We actually have a subnet of our own IPs, so I guess if we worked hard, we could post once every two seconds per public IP address in our server cluster, but that sounds like a little more duct tape and chewing gum than I think would really be healthy. It's good to understand more about this option, though!

                                          • Re: Web form API Sync into Marketo - Not Marketo Form - Help!
                                            Sanford Whiteman

                                            Actually, you can block people from updating existing fields via form fillouts. Set every field to have a default value and set Block Updates in Field Management.  You can also, to some degree, authenticate form fillouts by including a passphrase and checking equality using a webhook (discarding any updates that don't match) -- though you still use your instance's resources to throw away those malicious posts.

                                             

                                            Regardless of the above hacks, it sounds like your volume demands batch interaction at every turn, not the singleton updates you get with forms. The multiplier on purchasing more API calls (300 x # of calls) is a better deal.

                                             

                                            And good to hear that you're looking at this project with real EIPs in mind.  That's a relative rarity in my experience: most Marketo integrations are quite fragile. Typically nobody is aware of the fragility due to separation of the risk/security and marketing ops teams. As you point out the, let's say, "friendly threat" (as opposed to totally outside threat) is exaggerated in your industry so you have to pay attention, though really everyone should!

                                            1 of 1 people found this helpful