2

I have a use case where I need to shorten my Url and send it in a SMS.I have an HTML page which on calling, updates my customer's details. It basically updates an attribute of an object in Sales Cloud for that particular lead. When user clicks on that link that we have given in the SMS, the HTML page opens and the information for that user is verified(The attribute which was earlier set to unverified is now set to verified).

Problem In my case, the bitly link that gets generated, itself gets hit(probably when it is sent to bitly server to shorten the link) and information for the user gets verified even if the user doesn't click on that link.

This is my code:

%%[
var @leadId, @shortenUrl, @bitlyUrl, @link
Set @contacts = RetrieveSalesforceObjects("Lead", "Id,FirstName,LastName", "Combined_Mobile__c", "=", 
6569698800)
if rowcount(@contacts) != 0 then
  Set @row = Row(@contacts, 1)
  Set @firstName = FIELD(@row, "FirstName")
  Set @lastName = FIELD(@row, "LastName")
  Set @leadId = FIELD(@row, "Id")
endif
Set @encodedId = Base64Encode(@leadId)

set @urlLink =Concat('<url>','?leadID=',@encodedId)
set @bitlyUrl = 'https://api-ssl.bitly.com/v3/shorten?access_token=xxxxxx&format=txt&longUrl='
set @verifyUrl = Concat(@bitlyUrl,@urlLink,"&format=txt")
]%%

The HTML page has this piece of code:

%%[ 
set @encodedId = RequestParameter("leadID")
set @leadId = Base64Decode(@encodedId,'UTF-8', 1)
set @contacts= RetrieveSalesforceObjects("Lead", "Lead_Type__c,FirstName", "Id", "=",@leadId)
if rowcount(@contacts) != 0 then
Set @row = Row(@contacts, 1)
Set @firstName = FIELD(@row, "FirstName")
set @result = UpdateSingleSalesforceObject("Lead",@leadId,"Contact_Verified__c","Verified")
endif 
]%%

<!DOCTYPE html>
<html>
  <!--HTML header and body code-->
</html>

Any suggestions?

Krati Garg
  • 145
  • 1
  • 10
  • _"and information for the user gets verified even if the user doesn't click on that link"_ - that's why you don't do stuff like this on a mere GET request to begin with, but instead upon landing on such a URL you present the user with a button that causes a POST request, and only that is then taken as actual confirmation by the user. – CBroe Mar 25 '18 at 09:04
  • @CBroe I have edited my question. It's an HTML page. Kindly, refer to the landing page code as well. Any suggestions from your end on this? – Krati Garg Mar 25 '18 at 13:34
  • Suggestion was already contained in previous comment; what exactly is unclear? – CBroe Mar 25 '18 at 13:41
  • 1
    I don't want to do 2 step authorization. I don't want to present the user with a button. User gets a link in an SMS and the second he clicks on that link, only then his information should get verified and not before that. You have a solution to this @CBroe? – Krati Garg Mar 25 '18 at 13:53
  • Then the only solution would be that you not use any services that might request your URL upfront already - so no shortening services, just the direct URL to your service send to the user. But even that will most likely fail, because Facebook itself will most certainly make a request for that URL as soon as you send it, to create a "preview" for the recipient ... so, again, fail. You can "want" a different solution all day long, but that is not going to change _The Current State of How Sh.t Works._ – CBroe Mar 25 '18 at 14:00
  • In other words - if you want to start throwing money out of your window as soon as the door bell rings - fine, your choice. Someone else in that position might just fare better financially though, since they are aware that this could be just anyone ringing the door bell, and that they need some additional confirmation its actually the pizza delivery person, and not just some neighborhood kids pranking them. – CBroe Mar 25 '18 at 14:06
  • Appreciate your humour! At least I laughed.@CBroe – Krati Garg Mar 25 '18 at 17:21
  • Hi @KratiGarg - were you able to find a way around to this issue ? I am facing the same problem. – Vic Oct 03 '18 at 14:19
  • Hi @Vic We created a two step process for this. As we were providing the complete information in our bit.ly link, it was hitting the page automatically, so we instead created a landing page in between that contained the link to the confirmation page. So all in all we implemented a two step verification process for this. – Krati Garg Oct 04 '18 at 11:19

0 Answers0