To enable a web form to upsert rows into a Marketing Cloud data extension via the REST API, the consultant must create an installed package in Marketing Cloud with appropriate permissions. The correct approach is to ensure the package scope includes Read and Write permissions for data extensions.
Installed Package Overview: In Marketing Cloud, an installed package is used to manage API integrations by providing a client ID and client secret for authentication. The package defines the scope of permissions for API operations, such as accessing or modifying data extensions.
Why Read and Write Permissions are needed:
Read: Allows the API to retrieve data from the data extension (e.g., to check for existing records during an upsert).
Write: Allows the API to insert or update records in the data extension (the upsert operation).
Implementation:
Create an installed package in Marketing Cloud Setup under Platform Tools > Installed Packages.
Add an API integration component (e.g., Server-to-Server or Web App) and configure the scope to include Data Extensions: Read, Write.
Provide the client ID and client secret to the web developer team to authenticate API calls securely.
Why the other options are incorrect:
A. Enable the package for all business units in the Marketing Cloud account: While enabling the package for all business units might be relevant in an Enterprise 2.0 account, it is not the primary requirement. The focus is on ensuring the correct permissions (Read and Write) for the data extension, not necessarily enabling it across all business units unless specified.
B. Create a separate installed package for each individual web form: Creating separate packages for each web form is unnecessary and inefficient. A single package with the appropriate scope can handle multiple API integrations, including multiple web forms, as long as the permissions are correctly configured.
C. Instruct the web team to store the client ID and secret in the client-side code: Storing the client ID and secret in client-side code (e.g., JavaScript in the browser) is a security risk, as it exposes sensitive credentials to end users. Instead, these credentials should be stored securely on the server-side and used in server-to-server API calls.
Exact Extract from Salesforce Documentation:
Installed Packages for API Integration: "Create an installed package to generate a client ID and client secret for API integrations. Specify the scope of permissions, such as Data Extensions Read and Write, to control what the integration can access."(Source: Salesforce Help - Create an Installed Package)
Data Extension API Permissions: "To upsert rows into a data extension via the REST API, the installed package must include Read and Write permissions for Data Extensions to allow retrieving and modifying records."(Source: Salesforce Developer - REST API Data Extension Endpoints)
Submit