A

Anonymous

Investigating

Extract soap api credentials for webhook use

Forum|Forum|12 years ago
June 10, 2013
17 replies
3753 views

Hi, I am using an integration which sends request to my application with webhhok and syncs the result using SOAP API.
Different Marketo users can use it so i need to know when calling the soap api to which user to send the data in soap api.
I need to know the encryption key, user id and end point.
What is the best way to do this?
Should i send these parameters in the webhook Payload Template or does any one have an idea of a better way to do this?
Also, is there a way to extract these parameters dynamically using the the token feature?

Thanks,

Marketo

K

kh-lschutte

New Participant

No text available

A

Anonymous

Yes, it is relatively stable, so feel free to store it on your side

A

Anonymous

Thank you Raj for the quick reply,

That's actually what I would have done before reading this thread, I just thought you made it accessible and that I could use it instead.
Just a question regarding the endpoint, once the SOAP API setup, will it always stay the same? If so, I think it's easier to store it on our side as well instead of asking the client to add a token in the url or POST data.

I look forward to the release of the REST APIs.

Regards,

Arthur

A

Anonymous

Arthur
A recent security audit flagged these as vulnerabilities in the product, because these tokens when placed on Landing Pages (LP)s could lead to the compromise of the SOAP credentials. Unfortunately, there is no easy way for us to expose these tokens to only webhooks, so we pulled this feature out to protect our customers from this security hole.

The system.munchkinId token is still available, so here is what we recommend you to do -

1. Ask customers to provide their soapId and soapKey offline to you and map it to their munchkinId. When the webhook call is made, your service will have to do a lookup of the soapId and soapKey from your tables
2. Ask customers to create program tokens that hold the soapId and soapKey and use it in the webhook. Please make sure that they do NOT place these tokens on LPs

We will also be introducing REST APIs with oAuth tokens later this year, which would enable partner applications such as yours to work well without asking for the real credentials.

A

Anonymous

Hi,

I tried to use the system.soapId and system.soapKey but it doesn't work. I looked into the token's list and they are not there, so is there anything I need to do/configure to have them?

Arthur

PS: I setup the SOAP Api already

A

Anonymous

Folks,
The release normally gets rolled out pod by pod, so it is likely that Amnon's subscription has the latest release, but InsideView's does not. I would try again late Friday evening or next week.

Amnon - We have a token for system.munchkinId, which you can use to create the soap endpoint. The pattern is always https://<system.munchkinId>.mktoapi.com/soap/mktows/2_1
Raj

A

Anonymous

I tried it in the post data and not in the url, so i don't know.
this is what i used:
...."externalUser":{{system.soapId}},"externalKey":{{system.soapKey}}
and it worked

A

Anonymous

I tried with this it didnt work. Is the token correct

https://<URL>/sendMessage?message={{lead.id}}&userId={{system.soapId}}

A

Anonymous

I just checked. this works great with the new system tokens:
system.soapId,
system.soapKey

It would be nice to have the same on end point.

thanks

A

Anonymous

yes, June 21 release

Show more replies

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded