I have seen this manual https://docs.campaign.adobe.com/doc/AC6.1/en/CFG_API_Web_service_calls.html but I think if I use this I will break the CORS and some security on my site
If you are using AEM for your websites, then it's an OOTB feature.
Otherwise, you have to go with Custom implementations. Follow the given steps:
This way you will not be exposing your credentials, and all the request will be accepted from your site, no other website will be able to exploit your service. Let me know if you need more details.
You can set up a JSSP page in adobe campaign, as an endpoint to receive form submissions from a standard HTML form. Its pretty cool. It puts the form submission directly in the recipients table. Some customization may be needed but check out Advanced tips and tricks on this video Recap - Campaign Wednesdays and they run through it in the first 10 min,
Thank you for your reply Amit.
We use Adobe Campaign version 6.1.1.
We have several forms on Adobe campaign and I would like to embed them into our pages so visitors don't need to open a new tab to fill the form.
I would like to use the XML forms and just push the form on the site when is available. But, you confirmed my "fear" that the credentials must be available on the client side, which I don't want to happen.
Please may you describe a bit more your requirement and your Adobe Campaign version as well (ACS or AC v6.x.y/v7.0)?
ACS and AC v6/v7 have different possibilities including API, please confirm your environment.
Do you mean including Adobe Campaign webApp (standard or microsites) through html iframe object?
Or do you intend to display Adobe Campaign forms (XML forms) needing AC authentication and an operator account?
Or rather, as far as I guess from your request, do you want to develop your own html web form on your own web site, and call some Adobe Campaign SOAP calls to trigger some actions (deliveries, save profiles data in AC database, etc).
But in that case, the best thing is to do it at Web server side, not on the client, either in JSSP, or JSP, or php or .NET whatever your choice.
So there are no CORS issues because you can manage cross-domain on your Apache/Tomcat/IIS/nginx settings.