Recently I am asked to integrate client Salesforce dataextension centre. After digging into salesforce official website, I found there is an easy way to insert data in Salesforce data extension by calling a RESTfull API (POST /dataevents/key:{key}/rowset)

Here is the API Overview

POST https://www.exacttargetapis.com/hub/v1/dataevents/key:SomeKey/rowsetor POST https://www.exacttargetapis.com/hub/v1/dataevents/11954DDF-28A3-4FE8-BF77-646C37506621/rowset
[ { "keys": { "Email": "someone@example.com" }, "values": { "LastLogin": "2013-05-23T14:32:00Z", "IsActive": true, "FirstName": "John", "FollowerCount": 2, "LastName": "Smith" } } ]

However, there is an issue of this API, which only validate the email address. If email address is matching, the user's profile will be updated. Imagine if someone trying to hack the data extension or even if it's a typo. There is a potential risks that the user profile can be overwritten with wrong data.

For avoiding this, we need a bit of more code to work around.

SaleForce supports to trigger email. So instead of bringing member details to a custom form, but sending an email to the user. Here is a basic workflow

The API for triggering an email is

In this way, member's details wont be disclosed, if the typed email address was wrong.