Skip to main content

Overview

The Send Email API endpoint processes contact form submissions and sends emails via SMTP. It includes reCAPTCHA verification to prevent spam and automated submissions.

Endpoint

POST /api/send-email

Authentication

This endpoint uses Google reCAPTCHA v2 for bot protection. A valid captcha token must be included in every request.
Requests without a valid captchaToken will be rejected with a 400 error.

Request Parameters

nombre
string
required
First name of the contact form submitter.
apellido
string
Last name of the contact form submitter. Optional but included in email subject.
email
string
required
Email address of the submitter. Used as the replyTo address in the outgoing email.
telefono
string
Phone number of the submitter. Optional field, numeric only.
message
string
required
The message body from the contact form.
captchaToken
string
required
The reCAPTCHA token obtained from the frontend after user verification.

SMTP Configuration

The endpoint uses Nodemailer with the following SMTP settings:
  • Host: mail.plugin.uy
  • Port: 465
  • Secure: true (SSL/TLS)
  • Authentication: Uses EMAIL_USER and EMAIL_PASS environment variables

Email Recipients

Recipients are configured via the EMAIL_TO environment variable. Multiple recipients can be specified as a comma-separated list: 
EMAIL_TO=[email protected],[email protected]
If EMAIL_TO is not set, emails default to: [email protected] and [email protected]

Response

Success Response

message
string
Success confirmation message.
Example: 
{
  "message": "Email enviado con éxito"
}

Error Responses

error
string
Error message describing what went wrong.

400 Bad Request - Missing Fields

{
  "error": "Faltan campos obligatorios o el captcha"
}
Returned when nombre, email, message, or captchaToken are missing.

400 Bad Request - Invalid Captcha

{
  "error": "Captcha inválido"
}
Returned when reCAPTCHA verification fails.

405 Method Not Allowed

Method ${METHOD} Not Allowed
Returned when using any HTTP method other than POST.

500 Internal Server Error - Captcha Verification

{
  "error": "Error al verificar captcha"
}
Returned when there’s a network or server error during captcha verification.

500 Internal Server Error - Email Sending

{
  "error": "Error al enviar el email"
}
Returned when the SMTP server fails to send the email.

Example Request

curl -X POST https://plugin.uy/api/send-email \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Juan",
    "apellido": "Perez",
    "email": "[email protected]",
    "telefono": "099123456",
    "message": "Me interesa conocer más sobre sus servicios",
    "captchaToken": "03AGdBq24...your-recaptcha-token"
  }'

Example Success Response

{
  "message": "Email enviado con éxito"
}
Status Code: 200 OK

Example Error Response

{
  "error": "Faltan campos obligatorios o el captcha"
}
Status Code: 400 Bad Request

Email Format

The sent email includes both plain text and HTML versions:

Subject Line

Nuevo mensaje de contacto de: {nombre} {apellido}

Email Headers

  • From: "Plugin Contacto" <{EMAIL_USER}>
  • Reply-To: {email} (submitter’s email)
  • To: Recipients from EMAIL_TO environment variable

Email Body

The HTML email includes:
  • Sender’s full name
  • Email address
  • Phone number (if provided)
  • Message content
The replyTo header is set to the submitter’s email, allowing direct replies from your email client.

Environment Variables

Required environment variables:
VariableDescriptionRequired
RECAPTCHA_SECRET_KEYGoogle reCAPTCHA v2 secret keyYes
EMAIL_USERSMTP authentication usernameYes
EMAIL_PASSSMTP authentication passwordYes
EMAIL_TOComma-separated list of recipient emailsNo (defaults exist)

Error Handling

The endpoint implements comprehensive error handling:
  1. Validation Errors: Checks for required fields before processing
  2. Captcha Verification: Validates token with Google’s API
  3. SMTP Errors: Catches and logs email sending failures
  4. Method Validation: Only accepts POST requests
All errors are logged to the server console with console.error() for debugging purposes.

Security Considerations

  • reCAPTCHA v2 prevents automated bot submissions
  • SMTP authentication uses secure SSL/TLS (port 465)
  • Email addresses are validated on the frontend before submission
  • The authenticated email user is always used as the sender to prevent spoofing
  • User’s email is set as replyTo, not from, for security

Build docs developers (and LLMs) love

Get started for freeTalk to us