Writing a REST Service Using Cloud Pages


When I started working with Marketing Cloud I came across a language that was totally unknown to me– AMPscript. After researching a little bit, I came across the official Salesforce Marketing Cloud documentation http://help.marketingcloud.com/en/documentation/  with a lot of good information about it.

AMPscript is a scripting language for Salesforce Marketing Cloud (formerly known as ExactTarget) that can be embedded in HTML emails, text emails, landing pages and SMS messages to control the content that is displayed to each consumer.

After working with AMPScript for a while I realized that when you start creating single page applications or complex landing pages, the code can get quite messy and disorganized. But I’ve found a way to keep the code separated from the front end that I think you’ll find interesting.

Building a REST API using AMPScript

A REST API allows you to create applications that can insert, retrieve, update, or delete records using any development environment that supports web services.

A REST API often use GET (read), POST (create), PUT (replace/update) and DELETE (to delete a record). Not all of these are valid choices for every single resource collection, user, or action, but each of these REST calls is stateless and the endpoint should check whether the caller is authorized to perform the requested operation. It is important that the service properly restrict allowed verbs so that only allowed verbs will work, while all others will return an appropriate response code (for example, a 403 Forbidden).

There are several methods to implement security in our API, some of them are:

Cloud Pages

Cloud Pages is a Salesforce Marketing Cloud application that enables you to manage customer-driven marketing content across multiple channels. Using the cloud page editor you can:

  • Create a content collection
  • Optimize content for different mobile, social and web experiences.
  • Publish content immediately
  • Schedule future content publications.
  • Monitor published content to measure performance on each channel.

CloudPages supports publishing to these channels:

  • Facebook Tabs
  • Landing Pages
  • MobilePush Pages
  • Microsites

For more information about CloudPages you can visit https://help.marketingcloud.com/en/documentation/cloudpages/

What we are going to do here is to build a set of Cloud pages that will return JSON just as a REST API would.

To start writing the REST API, the first thing we have to do a  Collection,  so we’ll go to Cloud Pages in WebStudio and we click in the Create Collection button to create our new collection:

With our new collection created we can click on it to Add Content and select Code resource.

I give it a name and as our API is going to return JSON I choose the content type Json.

To test this API create a data extension with the following fields

  • EmailAddress
  • EntryCode
  • FirstName
  • LastName
  • PhoneNumber
  • Password


All the methods of our API will receive a parameter that indicates to which method we are calling at the moment of consuming our API. We’ll try with “Get” and “Put”.

Our first method will be the GET method. This method will receive a parameter in my case I will use the EntryCode.

The GET Method

Our GET method retrieves information from our Data Extension and will look like this: https://gist.github.com/devsutd/d0cc057107269d1a282f1e27e36c284d

Important Note: Make sure you publish your changes in Cloud Pages to be able to test your method!


The PUT Method

Our Put method will allow us to update information in our Data Extension and will look like this: https://gist.github.com/devsutd/492ba2d43687ae721aa4b22190292060

Securing our REST API

Now, as we are sure that our API works well, we will implement security. There are multiple ways to achieve this, what we will do is to make use of a Data Extension that will hold Access Tokens for users with the following fields:

  • EntryCode
  • AccessToken
  • Date
  • EmailAddress

And then add a new GetAccess Token Method that will look like this:  https://gist.github.com/devsutd/1d69479fda86d769cf3c5e3e6d0d4e84

And then we will be able to secure our GET Method easily: https://gist.github.com/devsutd/b7a832acac03f8cbde8bf8d105c00e39

Testing our API

To test our methods, you could either create a landing page that uses JQuery to consume your service or use PostMan which is a great tool to test APIs. Creating a Landing Page is similar to creating a Code Resource, except that now we choose the Landing Page option.


Over time the technological needs of enterprises are increasing and in my opinion,
I find in Salesforce a wide range of possibilities to supply them. While this example is very basic, you can do great things with AMPScript.

Salesforce offers many tools to meet the needs of companies, but without a doubt
the key is to learn how to take advantage of them.


Natalia Tavora
Natalia Tavora