Pardot API Requirements

A summary of the data and security concerns when using Pardot with FeedOtter

Introduction

Security is important to us at FeedOtter. We’ve worked closely with Pardot’s API team to ensure we have access to as little of your data as possible. Here you can read about which Pardot data FeedOtter has access to.

API Access is Limited to a Unique Pardot “FeedOtter User”

When establishing the connection between Pardot and FeedOtter, your team will create a dedicated Pardot user account for API access. This account is never used for login.

We recommend a “Marketing” role to ensure this user can send list emails, but if you have Pardot Ultimate you may be able to further customize your security access per the Pardot User Roles.

API Calls Used

Besides those used for authentication, FeedOtter for Pardot utilizes 3 separate REST API methods:

lists, a read-only call to provide the user with a UI for selecting the Pardot list(s) emails should be sent to. The call returns only list names and numerical IDs. No contact information is available. For more information read Pardot's API guide: http://developer.pardot.com/kb/api-version-4/lists/

campaigns, a read-only call to provide a UI for selecting the Pardot Campaign used for reporting on email sends. The call returns campaign names and numerical IDs. No contact information is available. For more information read Pardot's API guide: http://developer.pardot.com/kb/api-version-4/campaigns/

emails.send, a write call that passes list and campaign IDs along with HTML content to your Pardot account for the purpose of creating a new email. This call includes a date/time which denotes when the email will be sent by Pardot. No contact information is exchanged other than the TO, FROM, REPLY-TO text provided by your team as part of the email creation process in FeedOtter. For more information refer to Pardot's API documentation: http://developer.pardot.com/kb/api-version-4/
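To check on your side that the dedicated API user only makes the calls listed above, you can audit its requests against an allowlist. The following is an added example, not FeedOtter or Pardot code. It assumes the calls appear as Pardot API v4 paths of the form /api/<object>/version/4/do/<operation>, and it runs over a constructed request log (for instance from an egress proxy) whose line format and user names are made up for the example.

```python
import re
from collections import Counter

# Calls the page says FeedOtter makes: authentication, lists, campaigns, emails.send.
# Assumption: they appear as Pardot API v4 paths /api/<object>/version/4/do/<operation>.
ALLOWED = {("login", ""), ("list", "query"), ("campaign", "query"), ("email", "send")}
PATH_RE = re.compile(r"^/api/(?P<obj>[A-Za-z]+)/version/4(?:/do/(?P<op>[A-Za-z]+))?")

# Constructed sample log, one request per line: "<timestamp> <user> <method> <path> <status>".
SAMPLE_LOG = """\
2024-05-01T09:00:00Z feedotter-api@example.com POST /api/login/version/4 200
2024-05-01T09:00:01Z feedotter-api@example.com GET /api/list/version/4/do/query?format=json 200
2024-05-01T09:00:02Z feedotter-api@example.com GET /api/campaign/version/4/do/query 200
2024-05-01T09:05:00Z feedotter-api@example.com POST /api/email/version/4/do/send 200
2024-05-01T09:06:00Z feedotter-api@example.com GET /api/prospect/version/4/do/query 200
2024-05-01T09:07:00Z marketer@example.com GET /api/prospect/version/4/do/query 200
""".splitlines()


def audit(lines, api_user):
    """Return (allowed_counts, violations) for requests made by api_user."""
    counts, violations = Counter(), []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[1] != api_user:
            continue  # other users and malformed lines are out of scope here
        ts, _, method, path, _status = parts
        m = PATH_RE.match(path.split("?", 1)[0])  # ignore the query string
        call = (m["obj"].lower(), (m["op"] or "").lower()) if m else None
        if call in ALLOWED:
            counts[call] += 1
        else:
            # Anything else (e.g. a prospect read) is outside the documented surface.
            violations.append((ts, method, path))
    return counts, violations


if __name__ == "__main__":
    counts, violations = audit(SAMPLE_LOG, "feedotter-api@example.com")
    for call, n in sorted(counts.items()):
        print("allowed", call, n)
    for v in violations:
        print("UNEXPECTED", *v)
```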

FeedOtter Encryption

All pertinent user and account data is encrypted using AES256. This includes passwords, email addresses, API tokens, keys, and associated data.

FeedOtter's user/login password scheme uses PBKDF2.

There is no use of MD5 or SHA hashing.

Prospects and Personal Information

FeedOtter NEVER accesses your leads, email addresses, employees, or company information. As described in the previous section, we perform read-only queries to provide UI elements and a single write operation to create a new scheduled email asset.