3 Replies Latest reply on Feb 8, 2018 10:36 PM by Sanford Whiteman

    Custom Activity post through API

    Renju Kesavan

      Hi,

      I am trying to post a custom activity in marketo using the REST API "/rest/v1/activities/external.json" , but getting the status as skipped.

      {"requestId":"XXXX","result":[{"status":"skipped"}],"success":true}

      Below is the payload that I am passing.

      "input":[{

                                              "leadId": leadId,

                                              "status": "updated",

                                              "activityDate": "2018-02-08T06:36:25Z",

                                              "activityTypeId": 2,

                                              "primaryAttributeValue": "form name",

                                              "attributes": [

                                                          {

                                                            "name": "Client IP Address",

                                                            "value": "xx.xxx.xx.xx"

                                                          },

                                                    {

                                                            "name": "Form Fields",

                                                            "value": "a:20:{s:6:\"module\";s:11:\"leadCapture\";s:6:\"action\";s:5:\"save2\";s:9:\"FirstName\";s:4:\"xxx\";......"

                                                          },

                                                    {

                                                            "name": "Query Parameters",

                                                            "value": null

                                                          }, {

                                                            "name": "Referrer URL",

                                                            "value": "url link"

                                                          },

                                                  {

                                                            "name": "User Agent",

                                                            "value": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36"

                                                          },

                                                  {

                                                            "name": "Webpage ID",

                                                            "value": 1234

                                                          }]

                                      }

                                      ]

       

      If anyone has come across this issue, please give your suggestions.

       

      Thanks

      Renju

        • Re: Custom Activity post through API
          Sanford Whiteman

          That's not a Custom Activity, it's a standard activity type 2.  This is not allowed.

           

          I cannot imagine why you would be trying to forge a form post, including fake PHP serialization. What is the application you're building and why aren't you using the Forms API to do this?

            • Re: Custom Activity post through API
              Manish Khemani

              Hello San, I am working with Renju (who has originally posted this query)

               

              Our Main Objective is to enable Server Side Validations for Marketo forms on our company website. Currently, as per Marketo Customer Care,  only client side validation is possible on forms. So, We will create a form on our company website and map it to to a Marketo Form (id). Now, when a user fills out the form on our company website we want to log her /his form-fill-out activity in Marketo for the Marketo form id. How do we achieve this? If you could please guide,

               

              Many Thanks,

               

              Manish Khemani

                • Re: Custom Activity post through API
                  Sanford Whiteman

                  First of all, I wouldn't advise you to forward form data via the API unless you have a complete and well-thought-out rate-limiting mechanism in place. If you consume one API call for every public form post, it's trivial for someone to use up all of your API calls for the day in about 1/2 hour. 

                   

                  If you don't program defensively and with the stability of your other integrations in mind, you'll end up with a gaping DoS vulnerability in the course of adding validation -- a net loss and a risk that a professional business can't take.

                   

                  The native Marketo forms endpoint can accept 43,200 form posts per day, per source IP, providing adequate protection against DoS attacks while still servicing real-world traffic. Your solution, on the other hand, cannot possibly service more than 50,000 form posts per day, total -- and far less than that if you're using other integrations -- an infinitesimal fraction of the capacity of the true forms endpoint. So you must carefully manage those 50,000 (or less) calls to ensure, as much as possible, that they are allocated for legitimate use. This is not something you turn out overnight by merely checking values and forwarding them to Marketo via API.

                   

                  With the API, there is no supported way to create a Filled Out Form activity in the Marketo Activity Log. Those activities only happen via a client-side Marketo form; reverse-engineering the forms endpoint for server-side use is no longer supported. You don't need a Custom Activity, either. Instead, call the REST API Push Lead method to get fairly close to a Filled Out Form. Though missing some forms functionality, it will likely be fine for your case.

                   

                  You might also consider signing Marketo form payloads using your outside validation service, then passing the signed form data through the standard client-side Marketo form. You then call a webhook on the Marketo server side to check the signature and accept the data if it's valid. You don't write directly to primary fields (write the unvalidated form data to proxy field(s)), and you block field updates, so no unvalidated data will enter your primary fields.