Security concern with whitelisting the static IPs of Vendors | Community
July 14, 2020
Solved

  • 1 reply
  • 1389 views

We have a requirement to send SMS notifications to customers from Marketo, and to achieve this we have involved a vendor who will consume our data using the API.

Does adding the vendor's static IP to the allowlist raise any security concerns? We are not sure how much data they pull from the Marketo database.

Can you please provide suggestions on how to restrict or limit the data?

The API role has read/write permissions on contacts.

Best answer by SanfordWhiteman

I'm extremely wary of giving direct API access to Marketo to any vendor who doesn't strictly require it (due to shortcomings in their own design).

If they can connect via a URL that you supply, then set up an API gateway, for example using Amazon APIGW. You can grant them access to the gateway using a separate API key, which they'll supply in addition to the client_id and client_secret. This protects your API calls from abuse, so you can ensure that multiple integrations (you will add more later, even if you only have one now) cooperate with each other.

Even better, but somewhat more complex to build in AWS, don't give them the client_id and client_secret at all but rather manage it within the APIGW config (in a mapping template). This prohibits them from going around the API gw to go straight to Marketo by accident/maliciously, since they don't actually have Marketo credentials.
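To make the second option concrete, here is an added example (not the answerer's code, and a small in-process stand-in rather than an actual Amazon APIGW configuration) of a gateway that holds the Marketo client_id/client_secret itself, authenticates the vendor with only a gateway API key, and allowlists the endpoints and lead fields the vendor may read. All key, credential and field values are constructed placeholders; `forward` stands in for the upstream Marketo call.

```python
"""Credential-holding gateway sketch: the vendor never sees Marketo
credentials, and an allowlist limits endpoints and lead fields.
Constructed example; values are placeholders, not real secrets."""
import hmac
from urllib.parse import urlparse, parse_qs, urlencode

# Constructed values; a real deployment loads these from a secret store.
VENDOR_KEYS = {"sms-vendor": "vk_constructed_example_key"}
MARKETO_CLIENT_ID = "client-id-placeholder"
MARKETO_CLIENT_SECRET = "client-secret-placeholder"

# Read-only allowlist: (method, path) -> lead fields the vendor may read.
ALLOWED = {("GET", "/rest/v1/leads.json"): {"id", "mobilePhone", "firstName"}}


def _token(client_id, client_secret):
    # Stand-in for the token call Marketo would answer; a real gateway
    # would request and cache the access_token using these credentials.
    return f"token-for-{client_id}"


def gateway(method, url, headers, forward):
    """Return (status, body). `forward(method, url, headers)` is the
    upstream call; it only ever sees the token the gateway injects."""
    presented = headers.get("x-api-key", "")
    vendor = next((v for v, k in VENDOR_KEYS.items()
                   if hmac.compare_digest(k, presented)), None)
    if vendor is None:
        return 401, "unknown api key"
    parsed = urlparse(url)
    fields = ALLOWED.get((method.upper(), parsed.path))
    if fields is None:  # anything not allowlisted (e.g. writes) is refused
        return 403, f"{method} {parsed.path} not permitted for {vendor}"
    query = parse_qs(parsed.query)
    requested = set(query.get("fields", [""])[0].split(",")) - {""}
    if not requested <= fields:  # reject any field outside the allowlist
        return 403, f"fields not permitted: {sorted(requested - fields)}"
    query["fields"] = [",".join(sorted(requested or fields))]
    upstream_url = f"{parsed.path}?{urlencode(query, doseq=True)}"
    token = _token(MARKETO_CLIENT_ID, MARKETO_CLIENT_SECRET)
    return forward(method, upstream_url, {"Authorization": "Bearer " + token})


def demo_forward(method, url, headers):
    # Constructed stand-in for Marketo that echoes what it was asked.
    return 200, f"{method} {url} auth={headers['Authorization']}"
```

Because the vendor only ever holds the gateway key, revoking it in `VENDOR_KEYS` cuts their access without rotating the Marketo client_secret, and a source-IP allowlist can still be layered in front of `gateway` as a second check.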
