Pre-form fills using API | Community
Skip to main content
Jessica_Ruffalo
Jessica_Ruffalo
Level 4
September 16, 2015
Question

Pre-form fills using API

  • September 16, 2015
  • 2 replies
  • 3210 views

Has anyone used preform fills using API? How did you do that? 

We are looking to create this for our subscription center in our website and want to ensure that when someones email address is populated, their subscription settings are visible.  We know Marketo has the cookies but we are looking for a permanent option incase the user clears their cache or is using a different browser, device, etc.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

SanfordWhiteman
SanfordWhiteman
Level 10
September 16, 2015

First of all, using REST/SOAP API calls in response to individual user activities is best left unconsidered, because it creates a DoS vulnerability.  I know I say this all the time, but that's because it's a major issue. Any hacker can send 10,000 calls (that's a very, very small number) to a page that uses the API behind the scenes, and then your functionality.is done for.  The APIs should be used for bulk actions happening server-to-server: that's where they shine and where daily call limits are (mostly) fine because you work in big batches.


Second, just to be clear, you can't use the APIs directly from the browser in any case.  They need to be proxied via a back-end server, which means you need both front-end and back-end devs working on something like this.

It's better to work solely in the browser.  If you want a quick-and-dirty solution for your case, embed a Marketo form (with prefill turned on) in an IFRAME.  If the user happens to clear their cookies, then when they reenter their email address, say "please wait" while you submit the form, pause, then reload it from the server.  When it reloads, it'll have their data.  No API calls necessary.

A
Anonymous
September 21, 2015

Hi Sanford,

I'm working on a similar problem to Jessica.  The suggestion of an IFRAME won't work for the use case... but I will keep that in the bag of tricks for later.  =)

Do you know if the RTP 'Get Visitor Data' function returns data that could autofill a form by chance? We don't have the RTP module currently for me to test.  http://developers.marketo.com/documentation/websites/rtp-js-api/  

Presently, we have a javascript AJAX call sending the Cookie Id to a server side .php script that queries MKTO and JSON encodes data.  There's then a callback which autofills field values via jQuery to populate the form.

It's not the best I know.  If it's any consolation, I am checking the    .$_SERVER['HTTP_REFERER'];  to make sure the request is from a company site, this still has holes though.   Any insight appreciated.

thx!

SanfordWhiteman
SanfordWhiteman
Level 10
September 22, 2015

I don't know anything about RTP (we don't have the module, either) but it seems unlikely.

Checking the Referer wouldn't make any difference, as a malicious user would just fake the Referer.  The direct problem is the tight coupling of one form post = one API call.  Like I said to another user, if the limit were 500,000+ (even 100,000+ for some poorly engineered sites) you could make the argument that the site itself couldn't handle that many page views in a day, so the API calls aren't the weak link.  But any site worth putting on the net can handle 10,000 calls in a day, which means the API calls are a primary DoS vector.  I wouldn't feel comfortable saying a site is rated at 9,999 calls per day before it starts breaking down.

J
Adobe Employee
JohnCl9Adobe Employee
Adobe Employee
September 16, 2015

Hi Jessica,

The developer blog has an article on this.  http://developers.marketo.com/blog/external-page-prefill/

Please note that you'll want to have a web developer familiar with the concepts discussed in the article to help implement this.

John

Terms & ConditionsAccessibility statement

Loading footer...