{"id":15,"date":"2009-10-27T12:06:10","date_gmt":"2009-10-27T17:06:10","guid":{"rendered":"http:\/\/www.toddnthompson.com\/blog\/?p=15"},"modified":"2019-12-31T10:01:45","modified_gmt":"2019-12-31T15:01:45","slug":"authenticate-users-and-perform-actions-with-infusionsoft-via-a-link","status":"publish","type":"post","link":"https:\/\/www.toddnthompson.com\/blog\/authenticate-users-and-perform-actions-with-infusionsoft-via-a-link","title":{"rendered":"Authenticate Users and perform actions with InfusionSoft via a link"},"content":{"rendered":"<p>Using the InfusionSoft API to perform actions on contacts is a powerful and effective way to manage your prospect and customer database using Infusionsoft.  Some caution is required, however, to prevent actions from being executed by those curious people who like to alter the links you send via email.<\/p>\n<p>Here is what I am talking about.  Let&#8217;s say you send an email to your prospects via your Infusionsoft account and you pass the contactId of the prospect in a link to a script on your site, like this: <b>http:\/\/www.YOURDOMAIN.com\/script.php?id=12345<\/b><\/p>\n<p>If you execute an API call to add a tag, run an actionset or start a follow up sequence, just by clicking the link with the id string, you open the door for the curious and bored to mess with your prospect list.  It is too easy to change the id value to another number and refresh the browser, resulting in actions on another prospect&#8217;s record.<\/p>\n<p>Ok, this may not be a big concern for you and you may be saying &#8216;no big deal&#8217;.  Let me show a few examples of why it is a big deal.<\/p>\n<p>Let&#8217;s say your link executes an API call to start a new follow up sequence.  
If one person refreshes their browser 100 times with different id values, you now potentially have 100 people getting emails they know nothing about and some might say you are spamming them.<\/p>\n<p>Another, more troublesome possibility is if the link executes an action set that performs many actions, like charging their credit card on file for a new product.<\/p>\n<p>I say, do not give your list members the ability to mess with your data at all.<\/p>\n<p>Below is a script I use in many places.  It authenticates a contact to prevent abuse.  It uses the SDK system to connect to the Infusionsoft API; the SDK can be found in FuseBox inside Infusionsoft (search for SDK).<\/p>\n<p>Please leave comments and let me know what you think.<\/p>\n<p>Thanks.<\/p>\n<p>Todd Thompson<\/p>\n<p>Copy\/paste this code into a Notepad document and save it as authenticate_user.php &#8211; or whatever name you wish to give it.<br \/>\n<b><big><a href=\"http:\/\/www.toddnthompson.com\/authenticate_code.php\" target=\"_blank\" rel=\"noopener noreferrer\">Get the PHP code here!<\/a><\/big><\/b>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Using the InfusionSoft API to perform actions on contacts is a powerful and effective way to manage your prospect and customer database using Infusionsoft. Some caution is required, however, to prevent actions from being executed by those curious people who like to alter the links you send via email. 
Here is what I am talking&hellip; <a class=\"more-link\" href=\"https:\/\/www.toddnthompson.com\/blog\/authenticate-users-and-perform-actions-with-infusionsoft-via-a-link\">Continue reading <span class=\"screen-reader-text\">Authenticate Users and perform actions with InfusionSoft via a link<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[18,16,17],"class_list":["post-15","post","type-post","status-publish","format-standard","hentry","category-software","tag-automation","tag-infusionsoft","tag-tracking","entry"],"_links":{"self":[{"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/posts\/15","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/comments?post=15"}],"version-history":[{"count":14,"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/posts\/15\/revisions"}],"predecessor-version":[{"id":50,"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/posts\/15\/revisions\/50"}],"wp:attachment":[{"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/media?parent=15"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/categories?post=15"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.toddnthompson.com\/blog\/wp-json\/wp\/v2\/tags?post=15"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}