First of all, I’m a new user of auth0 so excuse me if what I am asking is trivial. I have an angular2 website and a webtask that connects to the sendinblue API to send an email from a contact form in the SPA.
What I would like to know is how to correctly secure all of this because currently the webtask can be accessed with a simple url and even if my sendinblue credentials are secured with the webtask secrets functionality, every one can send an email via the webtask.
I have tried to define the webtask as an API on my profile and secure it with an access token. I have managed to test it by getting a token manually but cannot implement it in the SPA as it needs the CLIENT SECRET to get a token. All examples concerning angular2 reference to users logging in but I don’t need this as I want unregistered users to use the form. So I think that I overcomplicate everything.
What I would like is calling my webtask when I send the form via the SPA and be sure that only my SPA can call the webtask.