Update member property via webhook
Hi,
I have a members area on a website which allows users to update their credentials, one of which is 'subscribe to mailing list' - a checkbox. We're using Campaign Monitor for the mailing list; members will be periodically exported from Umbraco and imported to CM if they're marked as being subscribed.
Campaign Monitor has a policy of adding a compulsory instant unsubscribe link to every email it sends, but this means that we need to un-check the subscription preference of the member in their website profile too. Handily CM has a webhook for this, which posts a chunk of JSON to a designated URL whenever the unsubscribe event is triggered at CM.
Question is, the member won't necessarily be logged in when clicking 'unsubscribe' from their newsletter, so is it possible to securely update a member's preferences without them being logged in? Presumably this is best done through WebAPI if indeed possible?
Thanks for any pointers folks.
Sounds like the right approach to me - you can use the Umbraco API to update member details of an account that's not logged in. As you note, there's kind of a security hole - albeit one that seems unlikely anyone would bother to exploit - in that you could have someone discover this WebAPI endpoint and use it to unsubscribe someone else. But that's probably a fairly common issue with any unsubscribe function - you'll often want to do that without having the user take the trouble to log in and update their preferences.
Maybe you can look at the referrer? So if it's come from CM you can trust it?
If that doesn't work I guess you could protect yourself and your members by sending just one last email direct from your web site, saying "sorry to see you go". That way the member would know that it happened and could reinstate themselves if they wanted.
Hope that helps
Andy
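One way to close the hole Andy describes is to register the webhook with a long random secret in its URL and have the endpoint refuse any POST that does not carry it; that is a stronger check than the Referer header, which a server-to-server webhook POST will not normally carry at all. The following is an added, framework-free sketch (not code from the original thread, Umbraco or Campaign Monitor): the token value, the `Events`/`Type`/`EmailAddress` field names, and the in-memory `members` dict standing in for the Umbraco MemberService are all assumptions to check against your own CM account and Umbraco version.

```python
import hmac
import json

# Placeholder: generate a long random value once, store it in config (not source),
# and embed it in the webhook URL you register with CM, e.g. .../unsubscribe?token=<secret>
WEBHOOK_SECRET = "replace-with-a-long-random-value"


def verify_token(presented):
    """Constant-time comparison so the secret cannot be guessed via response timing."""
    if not presented:
        return False
    return hmac.compare_digest(presented.encode(), WEBHOOK_SECRET.encode())


def parse_unsubscribe_events(body):
    """Return normalised e-mail addresses from 'Unsubscribe' events only.

    The payload shape (an 'Events' list with 'Type' and 'EmailAddress') is an
    assumption about the Campaign Monitor webhook; other event types are ignored.
    """
    try:
        payload = json.loads(body)
    except ValueError:
        return []  # malformed body: nothing to act on
    emails = []
    for event in payload.get("Events", []):
        if event.get("Type") == "Unsubscribe" and isinstance(event.get("EmailAddress"), str):
            emails.append(event["EmailAddress"].strip().lower())
    return emails


def handle_webhook(token, body, members):
    """Process one webhook POST. Returns (http_status, emails actually updated).

    `members` maps e-mail -> member record and stands in for a MemberService lookup
    plus SetValue/Save; a rejected request must change no member at all.
    """
    if not verify_token(token):
        return 403, []  # unknown caller: log it, change nothing
    updated = []
    for email in parse_unsubscribe_events(body):
        member = members.get(email)
        if member is not None and member.get("subscribed"):
            member["subscribed"] = False  # un-tick the 'subscribe to mailing list' flag
            updated.append(email)
    return 200, updated


# Constructed sample request body and member store for a local run.
SAMPLE_BODY = (b'{"Events":[{"Type":"Unsubscribe","EmailAddress":"Alice@Example.com","ListID":"x"},'
               b'{"Type":"Subscribe","EmailAddress":"bob@example.com","ListID":"x"}]}')
SAMPLE_MEMBERS = {"alice@example.com": {"subscribed": True},
                  "bob@example.com": {"subscribed": True}}
```

A second layer, as suggested above, is to send the member a "sorry to see you go" email from the site after a successful update so a wrongful unsubscribe is visible to them.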
Thanks Andy,
Due to time constraints and Campaign Monitor not providing a GUI to manage webhooks (they have to be managed programmatically, which is a project in itself!) we decided to use the notification URL as the unsubscription mechanism. It works similarly, only not as bullet-proof as the webhook, as it's basically just a prompt for the member to log in and update their preferences, but from a UI point of view it's reasonable and it will work satisfactorily for this project.
I'll update here if we ever revisit and go the webhooks route. Thanks for your input.