You are correct, the API key gives access to your account and should therefore be kept private. There isn't a way to use the MailChimp API without providing an API key, but if you are only using it to subscribe users, you can do this through a simple AJAX call instead. This method uses a User ID instead of a private API key to identify your account.
The request below is adapted from this answer:
    $.ajax({
        // The "c=?" callback parameter makes jQuery send this as JSONP,
        // which is always issued as a GET request.
        type: 'GET',
        // Use https so the submitted form data is not sent in clear text.
        url: 'https://xxxxx.us#.list-manage.com/subscribe/post-json?u=xxxxx&id=xxxx&c=?',
        data: $('form').serialize(),
        cache: false,
        dataType: 'json',
        contentType: "application/json; charset=utf-8",
        error: function(err) { alert("Could not connect to the registration server. Please try again later."); },
        success: function(data) {
            if (data.result != "success") {
                // Failed
            } else {
                // Success
            }
        }
    });
To find the values that need to be placed in the url string, follow the instructions on this page from MailChimp's knowledgebase. You'll need your username, the correct us# server, the u value (which is the User ID previously described), and the id value (which is the list ID).
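A check that could run over front-end source before it ships, to confirm only the public u and id values are present and no private API key is embedded. This is an added example, not part of the original answer; the function name, the sample source, and the assumed key format (32 hex characters followed by a `-us#` data-center suffix) are assumptions.

```javascript
// Added example: flag MailChimp API keys that ended up in client-side source.
// Assumption: an API key is 32 hex characters, a hyphen, then the data-center
// suffix (for example "-us6"). The u and id values in the subscribe URL are
// shorter hex strings without that suffix, so they are not flagged.
const API_KEY_RE = /\b[0-9a-f]{32}-us\d{1,2}\b/gi;

// Returns one finding per suspected key, with the secret redacted so the
// report itself does not leak it.
function findLeakedApiKeys(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(API_KEY_RE)) {
      const key = m[0];
      const suffix = key.slice(key.lastIndexOf('-'));
      findings.push({ line: i + 1, redacted: key.slice(0, 4) + '...' + suffix });
    }
  });
  return findings;
}

// Constructed sample input: line 1 holds only the public u/id values,
// line 2 holds a made-up string in the API key format.
const SAMPLE_SOURCE = [
  "var url = 'https://example.us6.list-manage.com/subscribe/post-json" +
    "?u=a1b2c3d4e5f6a7b8c9d0e1f2a&id=0a1b2c3d4e&c=?';",
  "var apiKey = '0123456789abcdef0123456789abcdef-us6';",
].join('\n');

function scanSample() {
  return findLeakedApiKeys(SAMPLE_SOURCE);
}

for (const f of scanSample()) {
  console.log('possible API key on line ' + f.line + ': ' + f.redacted);
}
```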