I have simple website written with react and also a simple API written with express.js. One of my API endpoints is for my contact form (from react) that allows a visitor to send an email. A kind of Contact US form.
I want to ensure or make it as difficult as possible for anybody to contact the API. I can't white-list the IP because the API would be from the browser. I can use HTTP referrer but is there anything else ?
Any ideas the best way around this ?