11 Replies Latest reply on Jun 7, 2018 1:39 AM by Abhay Dhar

    POST Form Data using REST API

    Abhay Dhar

      Hi,

      My company has recently started integration work on Marketo. We were earlier using Pardot-Salesforce to capture formdata , now the same needs to replaced with Marketo using their REST API.

       

       

      !

      Going through the documentation I dont see any REST API which shows that I can POST data to a form( I have successfully created a form and able to submit data by embedding it in a form) and also linking the form data to the Form Landing Page . The Lead or Form is actually shown as a Member only if I use the Form landing page to post data to it. Though the data is shown under the Marketing studio , if I like search based on email Id

       

      Question

      1- How should I replace my existing codebase to use the Marketo Forms , with minimal coding effort.

      2- Which endpoint should I use to POST the form data to Marketo. I am sorry I have gone through the documentation twice and implemented a few code examples , But I am not sure which endpoint I should use. I can see that the embed form POSTS data to .marketo.com/index.php/leadCapture/save2 ?

      If nothing works , I am going to use this endpoint , though this is not documented in REST documentation.

      2- Is it possible to Link the Form's Data (emailId? ) to the actual form ?

       

      @Beth Corby

        • Re: POST Form Data using REST API
          Sanford Whiteman

          You actually shouldn't be using the REST API at all for this task because you'll be opening a DoS vulnerability.  Using an API call in response to untrusted user input (a public form post) is a no-no because your daily limit is infinitesimal. A malicious but unskilled actor could use all your calls in a 1/2 hour, and you can't provide proper service to legit users without keeping your input rates high enough to be abused by bad actors. (Note you need a minimum of 2 calls to roughly mirror what a true form post does.)

           

          The /save2 endpoint is even more of a liability from the server side than the API because you're limited to one request every 2 seconds, which doesn't model real-world concurrency.

           

          Instead, you should use the client-side (browser-side) Forms API to submit data in the background to Marketo. This triggers all the proper Form events that a Marketo user expects to use in Smart Campaigns and conversion reporting, and has no rate limit worries.

            • Re: POST Form Data using REST API
              Abhay Dhar

              We have the forms protected with client side recaptcha , we also have server side implementation of reCaptcha to confirm the recaptcha token , so I guess we have the DOS vector covered

               

              Can you please share more details on the client-side (browser-side) Forms API ?

                • Re: POST Form Data using REST API
                  Grégoire Michel

                  We have the forms protected with client side recaptcha , we also have server side implementation of reCaptcha to confirm the recaptcha token

                   

                  Do you think this will prevent a hacker to look at the page source, extract you API logging information and  start posting ugly data to your database, and completely exhaust your API quota within a few hours and saturating the limit of 100 API calls per 20 seconds? You are very optimistic...

                   

                  Read http://developers.marketo.com/javascript-api/forms/

                   

                  -Greg

                  • Re: POST Form Data using REST API
                    Sanford Whiteman

                    Agree that if you're validating the reCAPTCHA on your server and then intending to hit the true REST API endpoints (Sync and Associate) after that, you're mostly safe with regard to Marketo API limits. (Though now you're charging your server with all those outbound requests to Google, and you should measure what your true capacity is as a result. Outbound reCAPTCHA verifies are probably your new bottleneck in the case of an attack.)

                     

                    Anyway, the reCAPTCHA won't make the /save2 endpoint workable server-to-server. Its capacity is too low for that.

                     

                    Greg has pointed you to the Forms 2.0 API docs. Calling the Forms API from a third-party form is as simple as:

                    • injecting a hidden Marketo form (standard form embed, just set the <form> element to display: none)
                    • capturing your visible form's submit event (native HTML onSubmit or any custom form event model)
                    • passing a JS object w/form fields to Marketo's form.setValues() (using the Marketo field names o' course)
                    • calling Marketo's form.submit()
                      • Re: POST Form Data using REST API
                        Abhay Dhar

                        Hi Sanford,

                         

                        What is the true capacity for the /save2 endpoint ? "The /save2 endpoint is even more of a liability from the server side than the API because you're limited to one request every 2 seconds, which doesn't model real-world concurrency."  - Is there any link which documents this ?

                         

                        Instead, you should use the client-side (browser-side) Forms API to submit data in the background to Marketo. This triggers all the proper Form events that a Marketo user expects to use in Smart Campaigns and conversion reporting, and has no rate limit worries. - I imported the embed code to check the URL to which the form submits data - https://<>.com/index.php/leadCapture/save2 Is the /save2 endpoint , same as this URL , I just want to make sure we are on the same page regarding the /save2 endpoint URL??

                         

                        Sorry , I have missed to add a important point here. We already have a REST API consumption based framework available in our website , which has multiple forms submitting data to PARDOT. PARDOT supplies a form handler URL for each form to which we can POST data from our servers , after recaptcha validation on our server.

                         

                        We would like to reuse this same framework to integrate with Marketo , as we have a tight deadline in which we go live with marketo and pardot license stops.

                         

                        So I would really like to use the /save2 endpoint , but i am not sure if there would be any issues on using this endpoint in terms of API rate limitations

                          • Re: POST Form Data using REST API
                            Sanford Whiteman

                            It is the same /save2 endpoint I'm talking about and the limit is 1 post/2s per source IP.

                             

                            That's why it's fully scalable for real-world client load, but not intended as a server-to-server API, since you will have one (or at most a few) source IPs in your server infrastructure.

                             

                            If you must use a server API, then use the 2 published endpoints indicated above because they can handle real-world concurrency (barring contention with other API consumers, of course, since limits are across your instance not per API account).

                            1 of 1 people found this helpful
                              • Re: POST Form Data using REST API
                                Abhay Dhar

                                Hi, For this line - you must use a server API, then use the 2 published endpoints indicated above

                                You meant - Sync and Associate API for server -to-server calls ?

                                  • Re: POST Form Data using REST API
                                    Sanford Whiteman

                                    You meant - Sync and Associate API for server -to-server calls ?

                                    Yes.

                                      • Re: POST Form Data using REST API
                                        Abhay Dhar

                                        hi @sanford Whiteman,

                                         

                                        1- I can get the LEAD API to create a lead record(sync) in Marketo , but is it possible to associate the Lead record with the Form or FormId ?

                                        I didnt try this with the associate API , because it needs a cookie parameter , I am still trying to figure out how to fetch the Cookie from a webpage. Currently i am testing this as a POC on a windows console application.

                                         

                                        2- The Lead API , does not accept duplicate data set. before creating a lead , Should we first check if the lead exists ? and if yes , then tell the user the same.

                                         

                                        Thanks !

                                        Abhay

                                          • Re: POST Form Data using REST API
                                            Sanford Whiteman

                                            1. A lead record is not associated with a *single* form in Marketo: form activities are many-to-one with leads. You can pass a LastFormName type of field with your API call. Or you can use the Push endpoint instead of Sync to add the person to a Program.

                                             

                                            2. You can dedupe on email or not -- this is entirely under your control. I definitely would *not" do a lead lookup ahead of time. That's just spending more API calls.

                                             

                                            The Munchin cookie is always available via JS.

                                              • Re: POST Form Data using REST API
                                                Abhay Dhar

                                                Thanks Sanford Whiteman for the detailed explanation.

                                                 

                                                We tried the push endpoint and can now associate a lead (new or existing) to a Program Name. My last question is that - Since everything in Marketo is a lead( no duplicates , assuming it uses a unique email id field) , we need to associate a new Lead with same email address with a Program.

                                                 

                                                This is more of a business decision , since we have a lot of front end forms over 5 different websites. In Marketo , we would like to see a unique Lead on each Program (assuming each website will hae its own Program and forms).

                                                 

                                                For all the 5 websites , we can have the same visitors, submitting the same email Id , but would like the Leads to be created based on Program Name , and not get updated , when the user submits the form twice( from a different website).

                                                 

                                                Please share some best practices on this approach.