Send mail using API?

Hi,
I’m doing a simple HTML page hosted on MIAB. This question is for a Submission form that I want all form details sent to email also hosted on MIAB.
I was wondering if there is a simple way to use API to send an e-mail from an HTML submission form without using PHP code just HTML/CSS?

I found a good solution using only HTML and POST https://formspree.io/my@email.com. It’s working great, but because I would like to keep my form details from third parties would be best if I figure out a way to do it on my MIAB.
Yes. I know I can use PHP and it’s already there I just want to do it without it if possible?

MIAB API examples are only for creating/deleting/listing/privileges on the e-mail and DNS changes, are there any hidden API’s one not listed?
If MIAB does not have API or it’s not very easy to accomplish this functionality what about NextCloud API?

KInd Regards,

SMTP is the only way to send email. No API for this. use SMTP.

PHP is the only viable option on a webserver for this (for MIAB anyway).

The good news is MIAB supports PHP out of the box as long as you call it directly:

<form action="send.php">
......
</form>

Hi murgeto,

I’ve got a testing form working using only HTML/CSS & free API’s https://formspree.io.
it looks like this: https://lambev.pro and it works, but will probably go back to your suggestions and use PHP, I just wanted to accomplish it maintain the privacy of the sender using only MIAB via HTML/CSS/javascript if possible.

I’ve adapted the form from W3School and just changed to what’s below: form method=“POST”… also CSS code is there.

<div class="container">
        <form method="POST" action="https://formspree.io/user@lambev.pro">
            <label for="fname">First Name</label>
            <input type="text" id="fname" name="firstname" placeholder="Your name..">
            <label for="lname">Last Name</label>
            <input type="text" id="lname" name="lastname" placeholder="Your last name..">
            <label for="phonenum">Your phone</label>
            <input type="text" id="phonenum" name="phonenum" placeholder="Contact phone number..">
            <label for="email">Your e-mail</label>
            <input type="email" id="email" name="_replyto" placeholder="Your e-mail..">
            <input type="hidden" name="_subject" value="New submission!" />
            <label for="country">Country</label>
            <select id="country" name="country">
              <option value="United Kingdom">United Kingdom</option>
              <option value="USA">USA</option>
              <option value="EU">EU</option>
              <option value="Bulgaria">Bulgaria</option>
              <option value="China">China</option>
              <option value="Other">Other</option>
            </select>
            <label for="subject">Subject</label>
            <textarea id="subject" name="message" placeholder="Your message.." style="height:200px"></textarea>
            <input type="submit" value="Send">
         </form>
    </div>

Thanks for the advice!
Cheers,

I just want to say that I really recommend against putting any custom source code on a Mail-in-a-Box since it’s easy to create security vulnerabilities this way that could open your box up to abuse.

2 Likes

Yes, JoshData
I agree with you! It’s very important for the MIAB to be secure, that’s why I’m asking here ;).

The code shown above is part of my test webpage hosted on MIAB, but I’m now learning to code so will definitely have security flaws probably…

Kind Regards,
Cheers,

HTML/CSS wont have any server-side security concerns. Just make sure CSS/JS come from a reliable source so client side can be as secure as possible.

I agree with @JoshData, using PHP isnt ideal, but is one possible solution. formspree seems legit enough as well.

1 Like

If you’re super into adding potential security vulnerabilities and still want to do this a simple google search for any appliance that goes from SMTP to REST would lead you to something like this MailIt https://github.com/dthree/mailit

1 Like

ewwwwwwwwwwwwww @Ruseen

Hey, it’s their blacklisted domain, right? I mean at the end of the day technically a 60 character API key is likely as hard to brute force as SMTP with Fail2Ban.