Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP Marketing Cloud write interactions via JavaScript from external Website

former_member307928
Discoverer

on ‎2019 Jun 18 2:25 PM

0 Likes
774

Hello,

we are facing difficulties with writing interactions from external website into SAP Marketing Cloud. Due to archtectural reasons, we cannot implement a server-side class to send the interactions as described in the documentation (and recommended) to send over the intractions to SAP Marketing Cloud. So after several analyses we came to the point the only solution for this specific case is to write the interactions directly from JavaScript Code. However, the Sandbox Security (Browser-Side / CORS) does not allow this. For this some HTTP headers within SAP Marketing Cloud have to be set which seems we are not able to. Is there any possiblity to do that?

Best

Dominic

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (4)

Answers (4)

former_member474669
Explorer
‎2020 May 21 1:53 PM
0 Likes

Dear, actually using a call via JS is not the best scenario, due to several security flaws. Ideally, you should use API Management or build an integrator in Java or C # more securely. If you use JS, try using some libraries to obfuscate and protect the code.

May the force be with us

#JEDICRM

Show replies
Show replies
rolf_schumann
Advisor
Advisor
‎2019 Jul 05 1:25 PM
0 Likes

Hi Dominic,

It’s difficult to provide a blanket answer to that. If it is a website that is accessible to the public, our experts would strongly advise against sending OData requests to the backend using JavaScript. Doing so makes it possible for anyone to send manipulated requests, especially since anonymous users either then have credentials or don’t need them anymore.

If the website is considered a secure context, i.e. on a private network or accessible via login, it could be done, but with some difficulty. Assumedly you would have to use a reverse proxy to call the SMC system with the same URL as the actual website.

In general, we would advise against it and suggest again using a server side integration instead.

Best regards,

Rolf Schumann

Show replies
Show replies
former_member307928
Discoverer
‎2019 Jun 24 7:46 AM
0 Likes

Hi Anton,

we have already validated the relevant issues and for this specific purpose other methods to secure the approach will be taken into account. So we are at this point after several investigations stuck with this approach.

Cheers,

Dominic

Show replies
Show replies
Former Member
‎2019 Jun 18 5:48 PM
0 Likes

Hi shounak.deshpande , can you run a validation on the security related question above?

I do not agree with the approach, since JS script injection is usually used for bad purposes. Anyways, I am not an security expert and a quick validation would be nice.

Thanks, Anton

Show replies
Show replies
Ask a Question