
Overview

The Contact API allows visitors to send messages through the portfolio contact form. It automatically sends notification emails to André and confirmation emails to the sender.
This endpoint is rate limited to 5 requests per hour to prevent spam.

Send Contact Message

POST /api/contact

Submit a contact form message. This endpoint:
  1. Validates the input data
  2. Sends a notification email to André with the message details
  3. Sends a confirmation email to the sender
  4. Returns success status
This endpoint does not require authentication. It is public for portfolio visitors.

Request Body

  • name (string, required): Sender’s name (max 100 characters)
  • email (string, required): Sender’s email address (must be valid format)
  • subject (string, required): Message subject (max 200 characters)
  • message (string, required): Message content (max 5000 characters)

Response

  • success (boolean): Indicates successful message delivery
  • messageId (string): Unique ID from the email service provider (Resend)
  • confirmationSent (boolean): Whether the confirmation email was successfully sent to the sender

Example Request

cURL
curl -X POST https://andreruperto.dev/api/contact \
  -H "Content-Type: application/json" \
  -d '{
    "name": "João Silva",
    "email": "[email protected]",
    "subject": "Orçamento para Desenvolvimento Web",
    "message": "Olá André,\n\nGostaria de conversar sobre um projeto de desenvolvimento web para minha empresa.\n\nAguardo seu retorno!"
  }'

JavaScript
const response = await fetch('https://andreruperto.dev/api/contact', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    name: 'João Silva',
    email: '[email protected]',
    subject: 'Orçamento para Desenvolvimento Web',
    message: 'Olá André,\n\nGostaria de conversar sobre um projeto de desenvolvimento web para minha empresa.\n\nAguardo seu retorno!'
  })
});

const data = await response.json();
console.log(data);

Python
import requests

response = requests.post('https://andreruperto.dev/api/contact', json={
    'name': 'João Silva',
    'email': '[email protected]',
    'subject': 'Orçamento para Desenvolvimento Web',
    'message': 'Olá André,\n\nGostaria de conversar sobre um projeto...'
})

print(response.json())

Example Response

Success (200)

{
  "success": true,
  "messageId": "re_abc123xyz789",
  "confirmationSent": true
}

Error - Missing Fields (400)

{
  "error": "Todos os campos são obrigatórios"
}

Error - Invalid Email (400)

{
  "error": "Email inválido"
}

Error - Field Too Long (400)

{
  "error": "Um ou mais campos excedem o tamanho máximo permitido"
}

Error - Rate Limited (429)

{
  "error": "Muitas mensagens enviadas. Tente novamente mais tarde."
}

Error - Server Error (500)

{
  "error": "Erro ao enviar mensagem"
}

Validation Rules

The API enforces the following validation rules:
  • Required Fields: all four fields (name, email, subject, message) are required
  • Email Format: email must match standard email format: [email protected]
  • Name Length: maximum 100 characters
  • Subject Length: maximum 200 characters
  • Message Length: maximum 5000 characters
  • XSS Protection: all HTML is escaped to prevent XSS attacks

Email Templates

The API uses custom HTML email templates with André’s branding:
  • Notification Email (to André)
  • Confirmation Email (to Sender)

Security Features

  1. Rate Limiting: limits to 5 messages per hour per IP address to prevent spam and abuse
  2. Input Validation: validates all fields for required data, correct format, and length constraints
  3. HTML Escaping: escapes all user input in email templates via the escapeHtml() function to prevent XSS attacks
  4. Email Verification: uses a regex pattern to validate email format before sending

Email Service

The API uses Resend as the email service provider:
  • Configured with RESEND_API_KEY environment variable
  • Sends from verified domain andreruperto.dev
  • Returns unique message IDs for tracking
  • Handles errors gracefully (returns success if notification sent, even if confirmation fails)
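The following block is an added example and not the project's own server.js code. It models the request flow this page describes (rate limit, then the validation rules, HTML escaping of every user-controlled value, notification, then confirmation) in one self-contained handler that can be exercised offline. The field limits, the error strings, the 5-per-hour-per-IP limit and the names escapeHtml() and isValidEmail() follow the page; the fixed-window limiter, handleContact(), the injected sendEmail() function and the NOTIFY_TO placeholder are assumptions made for this example. It also shows the behaviour stated under Email Service: a failed confirmation email still yields success with confirmationSent set to false, while a failed notification yields the 500 response.

```javascript
// Added example, not the project's own code. It models the /api/contact flow
// described on this page: rate limit -> validate -> escape -> notify -> confirm.
// The limits, the error strings and the names escapeHtml()/isValidEmail() follow
// the page; the fixed-window limiter, handleContact(), the injected sendEmail()
// and NOTIFY_TO are assumptions made for this example.

const LIMITS = { name: 100, subject: 200, message: 5000 };
const RATE_LIMIT = { max: 5, windowMs: 60 * 60 * 1000 }; // 5 per hour per IP
const NOTIFY_TO = 'ANDRE_NOTIFICATION_ADDRESS'; // placeholder, not given on the page
const ERRORS = {
  missing: 'Todos os campos são obrigatórios',
  email: 'Email inválido',
  tooLong: 'Um ou mais campos excedem o tamanho máximo permitido',
  rate: 'Muitas mensagens enviadas. Tente novamente mais tarde.',
  server: 'Erro ao enviar mensagem',
};

// Escape the characters that can break out of HTML text or attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Format check only: one '@', a non-empty local part, a dotted domain, no whitespace.
function isValidEmail(email) {
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}

// Returns null when the body is acceptable, otherwise { status, error }.
// Checks run in the order the page lists the 400 responses.
function validateContact(body) {
  const b = body && typeof body === 'object' ? body : {};
  for (const field of ['name', 'email', 'subject', 'message']) {
    if (typeof b[field] !== 'string' || b[field].trim() === '') {
      return { status: 400, error: ERRORS.missing };
    }
  }
  if (!isValidEmail(b.email)) return { status: 400, error: ERRORS.email };
  for (const [field, max] of Object.entries(LIMITS)) {
    if (b[field].length > max) return { status: 400, error: ERRORS.tooLong };
  }
  return null;
}

// In-memory fixed-window limiter keyed by client IP. The windowing strategy of
// the real limiter is not stated on the page; this is one simple choice.
function createRateLimiter({ max, windowMs }) {
  const hits = new Map(); // ip -> { count, windowStart }
  return function allow(ip, now = Date.now()) {
    const entry = hits.get(ip);
    if (!entry || now - entry.windowStart >= windowMs) {
      hits.set(ip, { count: 1, windowStart: now });
      return true;
    }
    entry.count += 1;
    return entry.count <= max;
  };
}

// Every user-controlled value is escaped before it is interpolated into HTML.
function buildNotificationEmail({ name, email, subject, message }) {
  return `<h1>${escapeHtml(subject)}</h1>` +
    `<p><b>${escapeHtml(name)}</b> &lt;${escapeHtml(email)}&gt;</p>` +
    `<pre>${escapeHtml(message)}</pre>`;
}

// sendEmail({ to, html }) returns a provider message id or throws. It is kept
// synchronous here so the flow can be exercised offline; a real client is async.
function handleContact({ ip, body }, sendEmail, allow) {
  if (!allow(ip)) return { status: 429, body: { error: ERRORS.rate } };
  const invalid = validateContact(body);
  if (invalid) return { status: invalid.status, body: { error: invalid.error } };

  let messageId;
  try {
    messageId = sendEmail({ to: NOTIFY_TO, html: buildNotificationEmail(body) });
  } catch (e) {
    return { status: 500, body: { error: ERRORS.server } };
  }
  // As the page states: success once the notification is out, even if the
  // confirmation to the sender fails; confirmationSent reports the outcome.
  let confirmationSent = true;
  try {
    sendEmail({ to: body.email, html: `<p>Obrigado, ${escapeHtml(body.name)}!</p>` });
  } catch (e) {
    confirmationSent = false;
  }
  return { status: 200, body: { success: true, messageId, confirmationSent } };
}
```

Because the limiter runs before validation, a client that keeps sending malformed bodies still consumes its five requests per hour, which is the behaviour a spam control wants; the injected sendEmail lets the 200/500 and confirmationSent paths be checked without a Resend key or network access.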

Testing Email Templates

Authenticated users can preview email templates without sending actual emails.

Preview Notification Email

curl "https://andreruperto.dev/api/admin/email-preview/notification?token=YOUR_JWT_TOKEN"

Preview Confirmation Email

curl "https://andreruperto.dev/api/admin/email-preview/confirmation?token=YOUR_JWT_TOKEN"
These endpoints return the fully rendered HTML email templates with sample data.

Implementation Reference

Contact endpoint implementation: backend/src/server.js:337-389

Key functions:
  • escapeHtml() - Line 44 (XSS prevention)
  • isValidEmail() - Line 54 (email validation)
  • buildNotificationEmail() - Line 79 (notification template)
  • buildConfirmationEmail() - Line 160 (confirmation template)
  • Contact rate limiter - Line 35 (5 per hour)
