CodeB Conference Status ← Back to app
Public API

/contact.ashx · public API

Programmatic contact-form submission. Internally the same code path used by the website’s contact form — useful when embedding the form into another origin via cross-origin POST.

Two gates apply: a HMAC-signed math captcha (from /captcha.ashx) and a per-IP rate limit of 5 messages per hour. CORS is currently restricted to the tenant’s own origin; if you need to call this from another domain ask the tenant operator to add your origin to the allow-list. Personal data handling is described in the public privacy notice.

POST /contact.ashx #

Submit a contact form. The handler validates the inputs, verifies the captcha first, applies an IP-based rate limit, and drops an RFC 822 .eml file into the IIS SMTP pickup directory for delivery via the configured smart host.

Request

Form fields (application/x-www-form-urlencoded or multipart/form-data):

  • name — 1–120 chars
  • email — valid RFC 5321-shape
  • subject — 0–200 chars
  • message — 1–6000 chars
  • captcha_token — signed token from /captcha.ashx
  • captcha_answer — the integer the user typed in

Response

application/json: { "ok": true } on success.

Errors

  • 400 — missing field / field too long / invalid email / captcha failed
  • 405 — non-POST
  • 429 — 5 messages per IP per hour
  • 500 — pickup directory misconfigured or unwritable

Example

curl -X POST https://phone.codeb.io/contact.ashx \
  -d "name=Jane" -d "email=jane@example.com" \
  -d "subject=Hi" -d "message=Demo, please" \
  -d "captcha_token=…" -d "captcha_answer=8"
Captcha is verified before the rate-limit counter increments, so a bot that doesn't solve the math can’t fill your rate window. The submitting IP comes from X-Forwarded-For when present, else UserHostAddress.
Need an admin endpoint? Admin-only and OIDC Bearer-gated routes are documented inside the admin UI itself (visible only to signed-in admins on this host). The public API set on this page is the surface you can integrate against without provisioning a CodeB user.

Questions? Ask us · Index: All public APIs