What that Warning About the Pardot API Update Means

BY MIKE CREUZER

Are you seeing a little Pardot authentication warning when you log into your org and are not sure why?  It looks something like this…

image

What’s Changing with the Pardot API

The short story: Pardot is improving the security of our data by making improvements to how our tools need to log into the Pardot API.

This is a good thing.

Unfortunately, it can cause us some issues in the short term. The deadline was previously set for April, but has been moved out to May 6th — so there’s still time to sort things out and get ready.

If You’re Thinking “But I Don’t Use the API…” — Not So Fast

Your first thought may be that you don’t use the API.  But if you log into any third party tool with a Pardot username, odds are that tool is using the API.

You can review your API usage from your Pardot Account Settings under the Usage and Limits section listed as “Daily API Requests page.” Or go to this link to access directly:
https://pi.pardot.com/account/apiUsage

This screen gives you an hourly breakdown of usage, daily, for the last week. In the screenshot below you can see what this report could look like for you:

image

What to Review to Be Ready for the Pardot API Update

What you are interested in is the collapsed tabs at the bottom. These expand to show you what Pardot Users are using the API:

image

These are the people you need to work with to try to figure out what ‘things’ are plugged into your Pardot instance. The column labeled “USES DEPRECIATED AUTH” being “Yes” is what will be turned off on May 6th and will stop working.

So you can see here, that there is work to be done in this example.

Contact the vendors if the usage is coming from a vendor. If it’s something your web team is managing, let them know. Pass along
http://developer.pardot.com/#using-the-api so they have a starting place to sort out what they need to fix.

Best Practices for Working with the Pardot API

While we’re on the topic, let’s bring up a couple of best practices.

1. First of all, use it.

If you’ve been leveraging Pardot for some time, explore opportunities to take the platform even further by working with the API.

There are countless processes that can be made more efficient by using tools like Zapier and Tray.io to streamline data transfer across platforms.  Ask your team where they are doing manual data entry or doing lots of imports/exports and Excel jockeying.  That’s usually a great place to start.

You can also use the API to build custom integrations or run data clean up utilities — for example, fixing capitalization in name values, setting time zones, bucketing picklist values, standardizing state/country values to prevent sync errors between Pardot and Salesforce, creating control groups for A/B testing in Engagement Studio, and more.

2. Audit who is accessing your data via the API regularly.

Were you surprised by who you saw accessing your data when you took a look at your usage metrics?  We recommend at least quarterly reviews of this to avoid any surprises.

3. Give every different integration it’s own user.

Yes, creating unique email addresses and Pardot users for each can be a pain.  But it’s a free option under the current Pardot licensing — and it’s worth the time spent.

Having separate logins makes figuring out who and what is accessing your data much easier. The audit log and last changed by better reflect what tools are updating your data so you can easily get a feel for how well your tools are working for you.

You can also turn off a specific integration by changing the password if it starts behaving badly without also turning off things that are working correctly and help you run your business.

What Questions Do You Have About the Pardot API?

Are you working on any interesting integrations?  Struggling with a unique problem, and wondering if the API can help you solve it?  Running up against a platform limit and looking for a workaround?

Let me know in the comments and let’s discuss.

2 thoughts on “What that Warning About the Pardot API Update Means”

  1. Getting access denied when using the API to get any table other than Prospects.

    Our developer can pull down the Prospects table using the API but no other table. She gets an access denied error even though she used the same API key. She is trying to pull Pardot data into an Azure data lake. I have tried to use Postman to access these table and have run into the same issue. I know there is supposed to be some change in the API were you have to add the keys to the header whereas you could add them as parameters before. (Btw, I am not a dev so my term usage is likely off.) I have contacted support, but they have not gotten back to me in several days.

    1. Brian,
      That sounds like you are running into the API authentication error to me. If you look at the API Usage, as we show in the middle of the blog post, I am going to guess that you will see some entries with “Uses Deprecated Auth” as Yes.

      Not all the Libraries have been updated last I heard. Also, the example code on the Pardot API documentation page isn’t correct to the new Authentication Rules. For PHP altering the Pardot reference code right after the “$curl_handle = curl_init($url);” line would look something like this:

      curl_setopt($curl_handle, CURLOPT_HTTPHEADER, array(“Authorization: Pardot api_key={$api_key}, user_key={$user_key}”));

      Where we need to create and pass along the Authentication headers. Hopefully your developer can take the above snippet and meld it into her library/code.

      I haven’t used Postman yet. I heard about it at Connections earlier this month. I downloaded it today. I will play with it and look into posting instructions on how to get it to work with the Pardot API correctly.

Leave a Reply