Tags: django, api, security, django-rest-framework, api-design

Django REST Framework - Contact Form?


I've built a Django based web-application with the REST framework and I now want to implement a contact form. This will just take a message and send an email to an admin. It should be a generic POST endpoint, i.e. website/contact, as there are several pages which should use it, i.e. "Contact us" or "Support".

How do I make this "safe" to use online, to stop spammers? I don't think a captcha is enough, as if someone reads the Javascript and finds out the endpoint, they could abuse it?

How should I do this? Help is greatly appreciated.


Solution

  • Language agnostic answer: The captcha isn't solely a front end tool. The front end can collect the response from the captcha and then your server can handle the validation. For example, you can require the captcha result to be passed up as another parameter and then use something like Google's reCAPTCHA to verify (this especially needs to happen on the backend if you're handling secret keys from them). Then, when it's verified, you can process the contact form as you normally would.

    Django specific answer: Here's a tutorial outlining the method above for the steps you'd take to implement it in django https://simpleisbetterthancomplex.com/tutorial/2017/02/21/how-to-add-recaptcha-to-django-site.html
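As an added illustration of the server-side check the answer describes (this is example code written for this page, not code from the answer or from the linked tutorial), the following shows the verification logic a DRF view's `post()` would call before mailing the admins. It talks to Google's documented `siteverify` endpoint with the secret key, and rejects a token that Google reports as invalid or replayed (`timeout-or-duplicate`), that was solved on a different hostname, or (reCAPTCHA v3 only) that carries a low score. The hostname `example.com`, the action name `contact`, the 0.5 score threshold and the `FAKE_RESPONSES` table are assumptions constructed here so the example runs offline; the HTTP transport is injectable so the same function works against the real endpoint.

```python
import json
import urllib.parse
import urllib.request

# Google's documented verification endpoint. The secret key must only ever
# be used here, on the server; the browser sees only the public site key.
SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def default_post(url, fields):
    """Real transport: POST form fields to Google, return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=5) as resp:
        return json.loads(resp.read().decode())


def verify_captcha(token, secret, remote_ip=None, expected_hostname=None,
                   expected_action=None, min_score=0.5, post=default_post):
    """Return (ok, reason). ok is True only if Google accepts the token AND the
    optional hostname / action / score checks pass. Fails closed on errors."""
    if not token or not isinstance(token, str) or len(token) > 4096:
        return False, "missing-input-response"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        result = post(SITEVERIFY_URL, fields)
    except Exception:
        # If verification cannot be performed, treat the submission as spam
        # rather than letting it through.
        return False, "verification-unavailable"
    if not result.get("success"):
        # Google lists the reason(s); a reused token shows up as timeout-or-duplicate.
        return False, ",".join(result.get("error-codes", ["unknown"]))
    if expected_hostname and result.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    # v3 responses carry score/action; v2 does not, so only enforce when present.
    if expected_action and result.get("action") not in (None, expected_action):
        return False, "action-mismatch"
    if "score" in result and result["score"] < min_score:
        return False, "low-score"
    return True, "ok"


def handle_contact(payload, secret, remote_ip=None, post=default_post):
    """What the view does for one POST: validate the form, verify the captcha,
    then hand the message to the mailer. Returns (http_status, response_body)."""
    message = (payload.get("message") or "").strip()
    sender = (payload.get("email") or "").strip()
    if not message or len(message) > 5000 or "@" not in sender:
        return 400, {"detail": "invalid form data"}
    ok, reason = verify_captcha(payload.get("captcha"), secret, remote_ip,
                                expected_hostname="example.com",  # assumption
                                expected_action="contact",        # assumption
                                post=post)
    if not ok:
        return 403, {"detail": "captcha failed", "reason": reason}
    # In the real view this is where django.core.mail.mail_admins(...) is called.
    return 200, {"detail": "sent", "subject": payload.get("subject", "Contact")}


# Constructed stand-in for Google's endpoint so the example runs offline.
FAKE_RESPONSES = {
    "good-token": {"success": True, "hostname": "example.com",
                   "score": 0.9, "action": "contact"},
    "replayed-token": {"success": False, "error-codes": ["timeout-or-duplicate"]},
    "bot-token": {"success": True, "hostname": "example.com",
                  "score": 0.1, "action": "contact"},
    "other-site-token": {"success": True, "hostname": "attacker.example"},
}


def make_fake_post(responses):
    """Build a transport that answers from the constructed table above."""
    def fake_post(url, fields):
        return responses.get(fields["response"],
                             {"success": False, "error-codes": ["invalid-input-response"]})
    return fake_post


if __name__ == "__main__":
    post = make_fake_post(FAKE_RESPONSES)
    for token in ("good-token", "replayed-token", "bot-token", "other-site-token", None):
        form = {"email": "user@example.net", "message": "hello", "captcha": token}
        print(token, handle_contact(form, "server-secret", post=post))
```

Because each token is consumed by the first `siteverify` call, an attacker who scripts the endpoint directly cannot reuse a token they solved once; they have to solve a fresh challenge per request, which is the cost the captcha imposes. The check should still sit behind a rate limit (DRF's `throttle_classes` with `AnonRateThrottle` is the built-in option) so that a flood of failed verifications does not become a bill from the verification service or a mailbox full of noise.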