POST Form Data using REST API | Community
June 1, 2018
Solved

POST Form Data using REST API

  • June 1, 2018
  • 1 reply
  • 19315 views

Hi,

My company has recently started integration work on Marketo. We were earlier using Pardot-Salesforce to capture form data; now the same needs to be replaced with Marketo using their REST API.

Going through the documentation, I don't see any REST API which shows that I can POST data to a form (I have successfully created a form and am able to submit data by embedding it in a form) and also linking the form data to the Form Landing Page. The Lead or Form is actually shown as a Member only if I use the Form landing page to post data to it. Though the data is shown under the Marketing studio, if I like search based on email Id

Question

1- How should I replace my existing codebase to use the Marketo Forms, with minimal coding effort?

2- Which endpoint should I use to POST the form data to Marketo? I am sorry, I have gone through the documentation twice and implemented a few code examples, but I am not sure which endpoint I should use. I can see that the embed form POSTs data to .marketo.com/index.php/leadCapture/save2 ?

If nothing works, I am going to use this endpoint, though this is not documented in the REST documentation.

3- Is it possible to link the Form's data (emailId?) to the actual form?

@Beth Corby

1 reply

SanfordWhiteman (Accepted solution)
Level 10
June 1, 2018

You actually shouldn't be using the REST API at all for this task because you'll be opening a DoS vulnerability.  Using an API call in response to untrusted user input (a public form post) is a no-no because your daily limit is infinitesimal. A malicious but unskilled actor could use all your calls in a 1/2 hour, and you can't provide proper service to legit users without keeping your input rates high enough to be abused by bad actors. (Note you need a minimum of 2 calls to roughly mirror what a true form post does.)

The /save2 endpoint is even more of a liability from the server side than the API because you're limited to one request every 2 seconds, which doesn't model real-world concurrency.

Instead, you should use the client-side (browser-side) Forms API to submit data in the background to Marketo. This triggers all the proper Form events that a Marketo user expects to use in Smart Campaigns and conversion reporting, and has no rate limit worries.

June 1, 2018

We have the forms protected with client-side reCAPTCHA, and we also have a server-side implementation of reCAPTCHA to confirm the reCAPTCHA token, so I guess we have the DoS vector covered.

Can you please share more details on the client-side (browser-side) Forms API ?

Grégoire_Miche2
Level 10
June 1, 2018

We have the forms protected with client-side reCAPTCHA, and we also have a server-side implementation of reCAPTCHA to confirm the reCAPTCHA token

Do you think this will prevent a hacker from looking at the page source, extracting your API logging information and starting to post ugly data to your database, completely exhausting your API quota within a few hours and saturating the limit of 100 API calls per 20 seconds? You are very optimistic...

Read http://developers.marketo.com/javascript-api/forms/

-Greg
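
As an added example, not part of the thread and not Marketo's own code: one way to relay an existing site form's values through the browser-side Forms API recommended in the accepted answer, so the page holds no REST credentials and spends no REST API calls. The instance URL, Munchkin ID, form id, `#signup` selector and field names are placeholders, and it assumes the page already loads Marketo's `forms2.min.js`.

```javascript
// Added example. Placeholders: replace with your own instance's values.
const MKTO = {
  baseUrl: "//app-xx00.marketo.example", // placeholder instance host
  munchkinId: "000-AAA-000",             // placeholder Munchkin ID
  formId: 1                              // placeholder Marketo form id
};

// Allowlist: site field name -> Marketo field name (names are assumptions).
// Anything not listed (CSRF token, reCAPTCHA response) is never forwarded.
const FIELD_MAP = { email: "Email", first_name: "FirstName", company: "Company" };

function toMarketoFields(siteValues) {
  const out = {};
  for (const [siteName, mktoName] of Object.entries(FIELD_MAP)) {
    const v = siteValues[siteName];
    if (typeof v === "string" && v.trim() !== "") out[mktoName] = v.trim();
  }
  return out;
}

// lib is the MktoForms2 global from Marketo's forms2.min.js.
// done(err, sentFields) is called once the form post has been accepted.
function submitInBackground(lib, cfg, siteValues, done) {
  const fields = toMarketoFields(siteValues);
  if (!fields.Email) {
    done(new Error("Email is required"));
    return;
  }
  lib.loadForm(cfg.baseUrl, cfg.munchkinId, cfg.formId, function (form) {
    form.addHiddenFields(fields);   // carry the values on the Marketo form
    form.onSuccess(function () {
      done(null, fields);
      return false;                 // stay on the page, skip the follow-up URL
    });
    form.submit();                  // a real form post: no REST credentials
  });
}

// Browser wiring; skipped when run outside a page that loaded the library.
if (typeof document !== "undefined" && typeof MktoForms2 !== "undefined") {
  const siteForm = document.querySelector("#signup"); // hypothetical form id
  if (siteForm) siteForm.addEventListener("submit", function (e) {
    e.preventDefault();
    const values = Object.fromEntries(new FormData(siteForm));
    submitInBackground(MktoForms2, MKTO, values, function (err) {
      if (!err) siteForm.reset();
    });
  });
}
```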