Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I want to make newsletter subscription. And I'm afraid that someone could flood my database with many fake emails. Using passport is not an option, because I what to subscribe unregistered users too.
Any ideas how to prevent that API flood?
is it really an api or just a normal form? if api - you can have a throttle middleware. if normal form then you can check the ip and store it the first time user enteres an email - and then block him from doing so again.. you could also verify emails are real using an external service.
if normal form, recaptcha is also an option.
Yes, it is a normal form. I can put recaptcha but it will be easy to get request URL from browser and bypass the form and recaptcha.
but you validate that the recaptcha is there and has been verified. It woukd be a pointless concept if you could just bypass it.
You are right! I'll try, thanks!
Please or to participate in this conversation.