I am buidling a product cataloge website with strapi as backend for a static site generator. Now it comes that we would need an request/contact form. My idea was to make a collection in strapi and let send strapi an e-mail everytime data is posted through the form. But the POST is done by the client without authentication. Because it is done client/browsersite a token will not help to secure the api endpoint. I just want to prevent the endpoint to be spammed.
I found this: Simplify securing a public post endpoint (with recaptcha), but would not like to use recaptcha.
The second, we are thinking of, is wishlist to remember products. I would save it in the browser storage, but would like to make it possible to store the list in strapi and share it identified by a unique hash. Same problem here: no authentication and no serverside call of strapi.
Should I not do this or how could I protect the api endpoint.