2 Replies Latest reply on Jul 12, 2018 6:11 PM by Simon Lessard

    Validation on form submission

    Simon Lessard

      Hey,

       

      Our web team came to me asking how they can leverage Marketo api to get to this goal:

       

      Only people (email addresses) attending an event can access content behind a non-Marketo form, hosted on a non-Marketo page.

       

      I want to give guidance to devs and I want to have your feedback on those paths:

       

      1. Static list api - Upon form submission, a validation is performed to see if the person is member of static list

      2. Program membership + status - Upon form submission, a validation is performed to see if the person is member of event program with "attended" status.

       

      What other path should I explore?

       

      Thanks for your feedback

        • Re: Validation on form submission
          Sanford Whiteman

          We call this a Lead Lookup Form as opposed to "validation" (since the concept of validation and the onValidate event exist as part of the Forms 2.0 JS API and don't really have anything to do with this).

           

          The answer is actually that neither of these lookup methods can be used from a public-facing form.  It's a gaping Denial of Service hole if you should attempt to use any Marketo API for untrusted requests.

           

          What you can build, without the API, is a lookup form based on lead field values or segment membership, since those can be (after a fashion) interrogated by polling for the lead to be associated and loading an LP with representative tokens/content.

          1 of 1 people found this helpful