One of our Marketo landing pages, calls an external API to pass some information. For this, the external API client ID and secret are placed on the landing page.
In order to secure this setup, we are planning to use IP restrictions to only allow calls from the landing page to the external server. I just wanted to confirm if we should be concerned regarding IP Spoofing? Also, any other security risks involved with this approach?
Also, will there be extra concerns to do with shared Marketo IP?