The Survey123 web app supports a variety of URL parameters that can be used to initialize the contents, look and feel, and behavior of your online surveys. This article describes how you can make the use of URL parameters more secure, by encoding them.
In the following example, URL parameters are used to prepopulate and hide the submittedBy question:
Since the URL parameters are in clear text, a smart user could look at the web browser's navigation bar, figure out that a question is being hidden, and manipulate the URL parameters to show and change the question.
Here is the same URL, with encoded parameters:
Once the URL parameters are encoded, only the Survey123 web app can read them, making the URL much more secure.
Tip: If you are not familiar with Survey123 web app URL parameters, check these two blog posts:
URL parameter encoding is a technique that allows you to obscure the contents of URL parameters. When parameters are encoded, it is not possible for end users to manipulate existing or add new parameters to the URL. This functionality is only available with Survey123 online forms published with version 3.11 or newer.
Tip: If you wish to upgrade your online forms to newer versions, see:
Let's pretend you want to add a link to your survey in a website and Facebook. Using URL parameters, you prepopulate a hidden question so you can tell from which source (website or Facebook) the survey was sent. In this case, since you only need to create and encode two links, you can simply use your web browser. Here is how:
This animation shows the process step by step.
Manually encoding your survey URLs is only practical when you have a handful of URLs to share. If you need to create many Survey123 links, or you need to create them dynamically, the best choice is to use the Survey123 REST API to programmatically encode your URL parameters.
The encodeUrlParams operation on the Survey123 REST API allows you to pass a collection of Survey123 parameters and get back the encoded URL string.
The URL endpoint of this operation is: https://survey123.arcgis.com/api/encodeUrlParams
It expects a POST request including a valid ArcGIS token and the parameters you want to encode. For example:
"field:submittedBy": "Fernando Paredes",
"hide": ["field: submittedBy"]
"portalUrl": "<Portal URL>", //Optional
Note that it is not necessary to pass any information about your survey. All you need to pass are the URL parameters that you wish to encode and a token. The portalUrl parameter is only needed if you are working against ArcGIS Enterprise.
The response from the Survey123 REST API will look like the following:
The value of the code property represents your URL parameters, encoded.
Say you wish to send an email to a very large group of people. You want the email to include a personalized Survey123 link, prepopulating a few questions in the survey based on the recipient's information you already have. You need to create a CSV file that you can import into an email marketing tool like MailChimp, Drip or MailerLite, including the email of the recipients and their corresponding Survey123 link. Of course, you want the Survey123 links to have the URL parameters encoded.
You can use the encodeUrlParams operation in the Survey123 REST API from any scripting language able to send a POST request. The example below highlights how links can be created from an ArcGIS Notebook. The code first performs a query on a feature service and generates a unique link for each record in the returned set. The script prints out the email and its corresponding Survey123 link with encoded parameters. Click here to preview the notebook.
As you can see, the code is straight-forward. A single POST request lets you specify the URL parameters you want to encode. The output of the Survey123 REST API can then be added to your Survey123 link.
If you want to create a collection of links in bulk from some information you already have, the Python approach described above is a good fit. In other cases, you may need to create links dynamically.
For example, say you publish a survey for people to self-report damage to their property after a natural disaster. You would like respondents to automatically receive an email with a link that would allow them to update their own information. As you already know, using URL parameters it is possible to create a survey link to open a record in edit mode. You can also dynamically create such a link and email it right after a survey is submitted using Microsoft Power Automate and Integromat, but is it possible to also encode the URL parameters? Yes!
Overall, the Microsoft Power Automate flow could look like the following:
Note that the trigger for the flow is the Survey123 connector. Every time a survey is submitted, the flow is executed. The payload of the trigger includes the globalId of the record just created, which is made available in Microsoft Power Automate as dynamic content.
The HTTP module is used to encode the URL parameters.
The HTTP method is set to POST. The URI parameter targets the encodeUrlParams operation in the Survey123 REST API. In the queries group, the token parameter is populated dynamically with the token value provided in the Survey123 webhook payload. The params parameter includes the URL parameters we want encoded. In this case, we pass edit for the mode and the globalId of the feature we want to edit. The globalId is coming as dynamic content from the Survey123 webhook payload as well.
Next the Parse JSON module is used, so that later we can easily extract the encoded values from the output of the Survey123 REST API.
Finally, the Send Email module is used to dynamically create a Survey123 link within the subject of the email. Note that the encoded parameters are dynamically added to the Survey123 link.
The Survey123 web app supports several URL parameters, allowing you to preload responses to questions, and change the look and feel and behavior of your online surveys. Using the encodeUrlParams operation in the Survey123 REST API, you can obscure these parameters to avoid manipulation by end users.
You can generate Survey123 links with encoded parameters manually right from your browser, programmatically through scripting languages like Python, and dynamically through workflow automation in Microsoft Power Automate and Integromat.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.