I just started my first project with Contentful. So far I’m really happy with the idea of having a service like a headless CMS powering the content for sites I work on. No annoying CMS systems to work on, to extend and to maintain. Just frontend code using different services and APIs for all kinds of stuff.
There is only one thing I’m really not sure about. What is the best practice for content fields like emails?
Currently I’m developing a website for mentorships between experienced designers and designers who are looking for expertise when starting a business, building a portfolio, looking for a job, etc. Empowering and networking. Quite simple actually. We started within the community website of our university but soon realised that this won’t scale well. That’s why we thought about using Contentful.
The thing is, to be able to contact a mentor, mentees need an email address. Of course we cannot share this email address via a public API. So my plan was to have a server getting a POST request, validating the request and sending an email to the mentor. And while having a server, why not simply handle/proxy all API calls to Contentful? To secure the API token and to have minimal response bodies. Just to be sure.
But then I remembered that I thought I wouldn’t need a backend at all. I thought this would be great. Just use the CDN API, making content publicly available which is already available via the website anyway. Then I saw the response from the API with all this extra information and comprehensive nesting of values, making the frontend code more complex than I planned it to be. And then there is this private email I want to have excluded from the response. But every idiot can see from the traffic between the app and the Contentful server that there is a field missing and can basically scrape the whole mentor database for fresh email addresses. Hell yeah.
So now I’m sitting here being a little bit confused and disappointed. Is this what a headless CMS will feel like (basically needing a proxy for all content, just to be sure)? Am I doing something wrong? Is there a tool, a library or a best practice I’m missing? What’s the intended way for this? How are you guys doing it?
Thanks in advance for tips and feedback.
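
Added example, not part of the original post: the server-side plan described above (minimal response bodies plus a contact relay that keeps the mentor's address off the wire), written as two framework-independent functions. The field names (`name`, `bio`, `expertise`, `email`), the function names and the sample response are assumptions; the response is assumed to be an entry collection the server fetched with its own token.

```javascript
// Added example. Field names and SAMPLE are constructed; only the
// items[].sys / items[].fields layout follows Contentful's entry collections.
const PUBLIC_FIELDS = ["name", "bio", "expertise"]; // allow-list: email is never listed

// Reduce a collection response to flat, minimal records for the browser.
function toPublicMentors(cdaResponse) {
  return (cdaResponse.items || []).map((entry) => {
    const out = { id: entry.sys.id };
    for (const key of PUBLIC_FIELDS) {
      if (entry.fields && entry.fields[key] !== undefined) out[key] = entry.fields[key];
    }
    return out;
  });
}

// Validate a contact POST body and build the mail on the server.
// The browser sends only a mentor id; the address is looked up here.
function buildContactMail(body, cdaResponse) {
  const { mentorId, replyTo, message } = body || {};
  if (![mentorId, replyTo, message].every((v) => typeof v === "string")) {
    return { ok: false, error: "invalid body" };
  }
  // \s also excludes CR/LF, so a replyTo value cannot smuggle extra mail headers.
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(replyTo)) {
    return { ok: false, error: "invalid replyTo" };
  }
  const text = message.trim();
  if (text.length === 0 || text.length > 2000) {
    return { ok: false, error: "invalid message" };
  }
  const entry = (cdaResponse.items || []).find((e) => e.sys.id === mentorId);
  if (!entry || !entry.fields || !entry.fields.email) {
    return { ok: false, error: "unknown mentor" };
  }
  return { ok: true, mail: { to: entry.fields.email, replyTo, text } };
}

// Constructed sample of what the server fetches with its own token.
const SAMPLE = {
  sys: { type: "Array" }, total: 1, skip: 0, limit: 100,
  items: [{
    sys: { id: "mentor-1", type: "Entry" },
    fields: { name: "Ada Example", bio: "Constructed bio", expertise: ["portfolio"], email: "ada@example.org" },
  }],
};

console.log(toPublicMentors(SAMPLE));
console.log(buildContactMail({ mentorId: "mentor-1", replyTo: "mentee@example.com", message: "Hi" }, SAMPLE));
```

Both functions can be wired into whatever HTTP framework and mail transport the server uses; the contact route should also be rate-limited so it cannot be used to spam mentors.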