Repost from Reddit:
If you are operating one or multiple sites hooked to a central Mautic (I am on v7), you may have security concerns about exposing the API endpoints to the public internet.
I faced this problem, and started to build a little microservice, initially to handle my unsubscriptions.
After some tweaks to rate limiting, error handling (enumeration safety) and logging, I decided to open-source it. So here it is!
https://github.com/voltAIc-apps/mauxy/ (this name is better than the original mauxy-unsubscribe-proxy I think :))
The next question that came up is: If I’m handling unsubscribes via such a proxy, why not also do subscriptions (in single and multisite scenarios)? Probably should.
For subscriptions, GDPR/double opt-in/consent and the related (branded) email flow should be handled. Email branding is the nuance, because website developers would want to control the look & feel. So I’m gonna take some time to think through this.
Enjoy Mauxy, thanks for testing, and ideas welcome!!
___
A couple of features Mauxy could see:
- Handle subscriptions
- A (secure) log-viewer that helps admins monitor system messages, as well as a record of subscription/unsubscription.
- A “re-subscribe” endpoint for unintentional unsubscriptions.
Here are the other issues.