
Marketo

Authentication & Authorization

  • Marketo connects via OAuth 2.0 with Client Credentials Flow.

  • Client IDs and Client Secrets are provided by custom services that are defined by the customer.

  • Each custom service is owned by an API-Only user which has a set of roles and permissions which authorize the service to perform specific actions.

Base URL

The base URL for general API requests depends on the Marketo domain and the API type. DataGrail uses the Marketo REST API.

Example of the base URL: https://832-IXT-616.mktorest.com/rest

Limits

DataGrail restricts the total daily API calls made by the integration to a maximum of 20,000, which represents 40% of the total of 50,000 allowed by Marketo.

Scopes

DataGrail requires customers to configure and grant specific and limited Scopes in order to provide its services for access and deletion privacy requests, as well as periodic system detection:

  • Read-Only Sales Person

  • Read-Only Named Account

  • Read-Only Activity

  • Read-Only Activity Metadata

  • Read-Only Opportunity

  • Read-Write Person

  • Read-Only Custom Object

  • Read-Only Campaign

  • Read-Only Company

Additional scopes are required to activate Responsible Data Discovery functionality (see below).

Rate Limits

  • DataGrail supports request throttling to stay within 70-80% of specified service rate limits.

  • When an API response has HTTP status 429, DataGrail interrupts requests, then waits and retries using an exponential backoff strategy.
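The daily cap from the Limits section and the 429 handling described above can be combined in one client wrapper. This is an added sketch, not DataGrail's implementation: the class and parameter names, the delay values, the jitter, and the choice to count every attempt against the cap are assumptions, and the transport is injected so the example runs offline.

```python
import random
import time


class BudgetExhausted(RuntimeError):
    """Raised when the self-imposed daily call cap has been reached."""


class ThrottledClient:
    def __init__(self, send, daily_cap=20_000, max_retries=5,
                 base_delay=1.0, max_delay=60.0, sleep=time.sleep):
        self.send = send              # callable(method, path) -> (status, body)
        self.daily_cap = daily_cap    # 20,000 is the cap stated on this page
        self.max_retries = max_retries
        self.base_delay = base_delay  # assumed value, not from the page
        self.max_delay = max_delay    # assumed value, not from the page
        self.sleep = sleep
        self.calls_today = 0          # caller resets this at day rollover

    def request(self, method, path):
        for attempt in range(self.max_retries + 1):
            if self.calls_today >= self.daily_cap:
                raise BudgetExhausted(f"daily cap of {self.daily_cap} reached")
            self.calls_today += 1     # every attempt, retries included, counts
            status, body = self.send(method, path)
            if status != 429:
                return status, body
            if attempt < self.max_retries:
                delay = min(self.max_delay, self.base_delay * 2 ** attempt)
                # Full jitter (an assumption) so parallel workers do not
                # retry in lockstep after a shared rate-limit event.
                self.sleep(random.uniform(0, delay))
        raise RuntimeError(f"still rate limited after {self.max_retries} retries")


def demo():
    """Constructed transport: two 429 responses, then a success."""
    responses = iter([(429, ""), (429, ""), (200, '{"success": true}')])
    waits = []
    client = ThrottledClient(lambda m, p: next(responses), sleep=waits.append)
    status, _ = client.request("GET", "/v1/leads.json")
    return status, client.calls_today, len(waits)


if __name__ == "__main__":
    print(demo())
```

Counting retries against the cap keeps a burst of 429 responses from silently consuming the remaining share of the Marketo quota.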

Access

When looking for a data subject's PII in Marketo, DataGrail focuses the search on Persons (aka Leads), who are people external to your company, and Sales Persons (aka Sales), who are generally employees of your company.

When reviewing data returned by Marketo, please note the following:

  1. Only fields with values are returned.

  2. Custom fields unique to the organization may also be returned if they may potentially contain PII.

  3. Other Custom Objects that are linked to a Lead or Sales and may contain PII in one or more fields may also be returned.

DataGrail also supports the Direct Contact Access workflow for Marketo integration.

Leads

When looking for Leads, DataGrail will try to find that person using email as the primary identifier. If found, DataGrail will then proceed to find all the associated objects (as presented in the schema section) that may potentially contain PII. These objects are Activities, Campaign, Company, Named Accounts, Lists, and Opportunities. Please note that results may vary for each specific Lead.

Sales

When looking for Sales, DataGrail will try to find that person using email as the primary identifier. Unlike Leads, if found, that’s the only object that will be returned.

Endpoints Utilized

  • GET {BASE_URL}/leads.json

  • GET {BASE_URL}/v1/activities/types.json

  • GET {BASE_URL}/v1/activities/pagingtoken.json

  • GET {BASE_URL}/v1/activities.json

Deletion

DataGrail currently supports deletion of Leads only. The reason for limiting the scope is twofold:

  1. Deleting only the Lead object effectively anonymizes the associated objects, because it is no longer possible to link them back to the data subject.

  2. Some customers consider deletion of objects such as Activities or Opportunities to be exempt, since these objects may be used under other regulations to audit a company's services.

DataGrail also supports the Direct Contact Deletion workflow for Marketo integration.

Endpoints Utilized

  • POST {BASE_URL}/v1/leads/delete.json

Responsible Data Discovery

DataGrail supports Responsible Data Discovery (RDD) for Marketo integration. Data discovery is based on the principle of finding any and all personal data that's stored in a data system (see more).

DataGrail uses Marketo Lead Database API endpoints to fetch schema and metadata. To optimize the number of API requests, we use chains to fetch the required objects, starting from Activities objects.

For discovery requests, DataGrail will take the following actions:

  • Count the number of records for each supported object.
  • Fetch example records for each supported object.
  • Sample data for subsequent analysis and classification.

Scopes

DataGrail requires customers to configure and grant specific Scopes in order to provide its services for RDD. This list is different from the limited Scopes described above:

  • Read-Write Schema Standard Field

  • Read-Write Schema Custom Field

  • Read-Only Activity

  • Read-Only Activity Metadata

  • Read-Only Activity Assets

  • Read-Only Company

  • Read-Only Named Account

  • Read-Only Opportunity

  • Read-Only Person

  • Read-Only Sales Person
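A least-privilege check for the API-Only role against the two scope lists on this page, as an added example that is not DataGrail or Marketo code. It assumes the role's permission names have been copied out as plain strings; the function name, the report keys and the sample role are constructed for illustration.

```python
# Scope names exactly as listed on this page.
DSR_SCOPES = {
    "Read-Only Sales Person", "Read-Only Named Account", "Read-Only Activity",
    "Read-Only Activity Metadata", "Read-Only Opportunity", "Read-Write Person",
    "Read-Only Custom Object", "Read-Only Campaign", "Read-Only Company",
}
RDD_SCOPES = {
    "Read-Write Schema Standard Field", "Read-Write Schema Custom Field",
    "Read-Only Activity", "Read-Only Activity Metadata",
    "Read-Only Activity Assets", "Read-Only Company", "Read-Only Named Account",
    "Read-Only Opportunity", "Read-Only Person", "Read-Only Sales Person",
}


def audit_role(granted, rdd_enabled=False):
    """Compare a role's permissions with what the integration asks for."""
    required = DSR_SCOPES | (RDD_SCOPES if rdd_enabled else set())
    granted = {g.strip() for g in granted}
    extra = granted - required
    # A write grant on an object for which the page only asks for read.
    escalated = sorted(
        g for g in extra
        if g.startswith("Read-Write ")
        and "Read-Only " + g[len("Read-Write "):] in required
    )
    return {
        "missing": sorted(required - granted),
        "write_where_read_only_required": escalated,
        "unrelated_extra": sorted(extra - set(escalated)),
    }


def demo():
    # Constructed role: one scope missing, one write escalation, one
    # placeholder permission that the integration never asks for.
    role = (DSR_SCOPES - {"Read-Only Campaign"}) | {
        "Read-Write Opportunity", "Example Extra Permission"}
    return audit_role(role)


if __name__ == "__main__":
    for key, names in demo().items():
        print(key, names)
```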

Endpoints Utilized

  • GET {BASE_URL}/v1/activities/types.json

  • GET {BASE_URL}/v1/leads/schema/fields.json

  • GET {BASE_URL}/v1/namedaccounts/schema/fields.json

  • GET {BASE_URL}/v1/opportunities/schema/fields.json

  • GET {BASE_URL}/v1/opportunities/roles/describe.json

  • GET {BASE_URL}/v1/programs/members/schema/fields.json

  • GET {BASE_URL}/v1/companies/schema/fields.json

  • GET {BASE_URL}/v1/salespersons/describe.json

  • GET {BASE_URL}/v1/activities/pagingtoken.json

  • GET {BASE_URL}/v1/activities.json

  • GET {BASE_URL}/v1/leads.json

  • GET {BASE_URL}/v1/namedaccounts.json

  • GET {BASE_URL}/v1/opportunities.json

  • GET {BASE_URL}/v1/opportunities/roles.json

  • GET {BASE_URL}/asset/v1/programs.json

  • GET {BASE_URL}/v1/programs/{program_id}/members.json

  • GET {BASE_URL}/v1/companies.json

  • GET {BASE_URL}/v1/salespersons.json

 

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.