
How to secure an email subscription endpoint?

Çağlar Arlı


I have a simple static webpage that lets users sign up for a newsletter. Once they enter their email address, it gets sent to a public endpoint (AWS Lambda). This Lambda function forwards the email address to a subscription list manager endpoint (Mailchimp) along with the API key.

The connection between the AWS Lambda function and Mailchimp is secure, as no one has the API key, so no one can hammer my Mailchimp account. But my concern is the connection between the static webpage and the AWS Lambda endpoint. This endpoint is public and unauthenticated, and I'm worried about things like people flooding the endpoint with fake addresses.

How can I best secure this? The static page is a simple Gatsby bundle.
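
One way to screen requests in the public Lambda before anything reaches Mailchimp, as an added example that is not part of the original post. It assumes a Node.js function behind an API Gateway HTTP API (payload format 2.0); the `website` honeypot field, the `screen`/`makeHandler` names and the `forward` callback standing in for the Mailchimp request are hypothetical.

```javascript
// Added example, not the poster's code. Assumptions: Node.js Lambda behind an
// API Gateway HTTP API (payload v2), a hidden "website" honeypot form field,
// and a caller-supplied forward() standing in for the Mailchimp request.
const WINDOW_MS = 60_000;  // throttle window
const MAX_PER_WINDOW = 5;  // sign-ups allowed per IP per window
const hits = new Map();    // ip -> timestamps; per-container state, best effort
const EMAIL_RE = /^[^\s@]{1,64}@[^\s@]+\.[^\s@]{2,}$/;

function allow(ip, now) {
  const recent = (hits.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  const ok = recent.length < MAX_PER_WINDOW;
  if (ok) recent.push(now);
  hits.set(ip, recent);
  return ok;
}

// Decide what to do with one request; returns { status, email? }.
function screen(event, allowedOrigin, now = Date.now()) {
  // Origin is trivially forged by scripts; it only stops other sites' browsers.
  if ((event.headers || {}).origin !== allowedOrigin) return { status: 403 };
  const ip = event.requestContext?.http?.sourceIp || "unknown";
  if (!allow(ip, now)) return { status: 429 };
  let data;
  try { data = JSON.parse(event.body || ""); } catch { return { status: 400 }; }
  if (data === null || typeof data !== "object") return { status: 400 };
  // Honeypot filled: report success so the bot gets no signal, forward nothing.
  if (data.website) return { status: 200 };
  const email = typeof data.email === "string" ? data.email.trim().toLowerCase() : "";
  if (email.length > 254 || !EMAIL_RE.test(email)) return { status: 400 };
  return { status: 200, email };
}

function makeHandler(forward, allowedOrigin) {
  return async (event) => {
    const { status, email } = screen(event, allowedOrigin);
    if (email) await forward(email); // only screened addresses reach the list
    return { statusCode: status, body: JSON.stringify({ ok: status === 200 }) };
  };
}
```

The in-memory counter resets with each Lambda container, so it is a first filter to pair with throttling configured on the API Gateway stage and double opt-in on the mailing list.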