Create Your Own Preference Center
This is not a code example of how to create your own Preference Center; rather, it is an overview of how you can use the various APIs to build one where your subscribers can adjust their custom field settings or unsubscribe, all from one central place.
To build your own preference center you will want to create a link in your GreenArrow Studio campaign that includes these replacement codes:
If you’d like to track more than that in your link, here is the full list of available replacement codes.
Note that the replacement code syntax with
} only works in links. They are provided here because
% is a special code that is sometimes escaped in links by HTML editing software.
With the information passed to your preference center from the link, you’ll need to set up your preference center to do the following:
- Get the subscriber’s current custom field data to populate the form so they can see their current settings:
  - Do this using the Get Subscriber API.
  - Use the mailing_list_id to get the subscriber, and then for security verify that the email address also matches.
- Update the subscriber record with the new data the subscriber provided in the form:
  - Do this using the Update Subscriber API.
  - Use the mailing_list_id to update the subscriber.
  - Before doing an update, you should verify that the provided email address matches this
- Unsubscribe them from the list if they choose to do that instead:
  - Do this using the Unsubscribe API.
  - Use the unsubscribe_token to update the subscriber status and associate the unsubscribe with the specific campaign.
When showing data to the user and updating custom fields, check that both the email address and subscriber_id match the record.
If you only look up based on the email address (and don’t check the subscriber_id), then you allow an attacker to query the subscription status of any email address on your list.
If you only look up based on the subscriber_id (and don’t check the email address), then an attacker can simply increment through subscriber_id values and download your list.
This checking is not required with the Unsubscribe API, as the unsubscribe_token already includes a security code.
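
One way to apply the both-fields check on the read and update paths, as an added example that is not GreenArrow's code. The `fetch_subscriber` wrapper, the record field names and the case-insensitive email comparison are assumptions, and the in-memory dictionary is constructed sample data standing in for the Get Subscriber and Update Subscriber API calls.

```python
import hmac

# Constructed sample data standing in for Get Subscriber API responses,
# keyed by (mailing_list_id, subscriber_id). Field names are assumptions.
SAMPLE_SUBSCRIBERS = {
    (1, 100): {"id": 100, "email": "alice@example.com",
               "custom_fields": {"Frequency": "weekly"}},
    (1, 101): {"id": 101, "email": "bob@example.com",
               "custom_fields": {"Frequency": "daily"}},
}

def fetch_subscriber(mailing_list_id, subscriber_id):
    """Hypothetical wrapper; a real one would call the Get Subscriber API."""
    return SAMPLE_SUBSCRIBERS.get((mailing_list_id, subscriber_id))

def _normalize(email):
    # Assumption: addresses are compared case-insensitively, ignoring padding.
    return email.strip().lower().encode("utf-8")

def verified_subscriber(mailing_list_id, subscriber_id, email,
                        fetch=fetch_subscriber):
    """Return the record only if subscriber_id AND email both match.

    An unknown id, a malformed id and a wrong email all return None, so the
    caller cannot tell which check failed and cannot probe either field alone.
    """
    try:
        list_id, sub_id = int(mailing_list_id), int(subscriber_id)
    except (TypeError, ValueError):
        return None
    record = fetch(list_id, sub_id)
    if record is None or not isinstance(email, str):
        return None
    if not hmac.compare_digest(_normalize(record["email"]), _normalize(email)):
        return None
    return record

def update_custom_fields(mailing_list_id, subscriber_id, email, new_fields,
                         fetch=fetch_subscriber):
    """Repeat the check on every write; do not rely on the earlier page load."""
    record = verified_subscriber(mailing_list_id, subscriber_id, email, fetch)
    if record is None:
        return False
    # A real implementation would call the Update Subscriber API here.
    record["custom_fields"].update(new_fields)
    return True
```

The preference center page should render the same generic "link not valid" response whenever `verified_subscriber` returns `None`.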