0

I was trying to do a contact me page using https://smtpjs.com/v3/smtp.js with elasticmail. I want to pass my token from a PHP file, to make it private.

          Email.send({
             SecureToken : "some secret token from php",
             To : 'tosomeone@example.com',
             From : 'fromsomeone@example.com',
             Subject : projectValue + " - " + emailValue,
             Body : 'Some body' 
          }).then(
             message => alert("Message sent successfully")
          );

As you can see, if I pass the token here it is visible to anyone and everyone can use this to send emails. So how do I pass it from PHP? If you provide step-by-step, it will be very helpful. Thanks

Skerdi Velo
  • 121
  • 2
  • 13
  • 1
    Step by step is probably out of scope for Stackoverflow. In short, you don't want to integrate with a third party service that requires a secret with client-side code. This is one of the reasons for the BFF (Backend for frontend) architecture. You would have your client-side code send a request to your server-side code (PHP) that integrates with the third party. – Devon Bessemer Jul 20 '23 at 14:34
  • I know, but then I cannot use smtpjs so that's why I asked this question. If there is any way to pass the token. – Skerdi Velo Jul 20 '23 at 14:43
  • 1
    Never used smtpjs but a quick glance seems like a bad idea all around. Even if you "secure" it, something other than your server is going to have to use the credentials. So it's either their server or the client that is performing the decryption and they could easily modify the script to send whatever they want from your email account. – Devon Bessemer Jul 20 '23 at 15:25
  • 1
    How can it be secure when you pass it to the client where anybody could reveil it? If you need it secret, keep it secret. If you want to use a JS library, why not using node on the server? – Markus Zeller Jul 20 '23 at 16:28
  • Thank you everyone. – Skerdi Velo Jul 20 '23 at 19:30

1 Answers1

-1

Don't pass the secret key from js to php. Instead of that, keep that key in server side(PHP).

Peer Mohaideen
  • 5
  • 7