Launch secure contact forms in minutes (no backend)

Send Emails from the Frontend Without a Backend

If your Resend API key touches the frontend, it’s public. Salting replaces your backend email proxy with a secure, encrypted bridge — rate-limited, CORS-protected, and production-ready in minutes.

Create Your Secure Resend Bridge

The Problem: Contact Forms Force You Into a Backend

Most teams spin up a Node.js or Go backend just to send a single email. That backend exists for one reason: to keep the Resend API key secret.

If you try to send emails directly from the browser, your key can leak through DevTools, build artifacts, or network logs. Then it’s game over: attackers can spam your domain and burn your limits.

Environment variables do NOT secure frontend builds. Serverless still needs CORS, secrets, and deployment pipelines.

What Happens When Your Resend Key Leaks?

  • Spam sent from your domain
  • Reputation damage + deliverability drop
  • Rate limits burned instantly
  • Unexpected usage costs
  • Blocked sending during critical periods

The Solution: The Salting Layer

Instead of calling Resend directly, you call your secure bridge:
https://api.salting.io/r/salting-io-bridge-uuid

Your real Resend API key stays encrypted inside Salting. We handle:

  • Secret key vaulting
  • AES-256 request encryption
  • CORS enforcement
  • IP & rate limiting
  • Abuse protection

You get backend-level security without running a backend.

How It Works

  1. Add your Resend API key to your Salting dashboard.
  2. Generate a private Bridge URL.
  3. (Optional) Lock usage to your domain.
  4. Point your frontend fetch requests to the bridge URL.
  5. Deploy instantly.

No API routes. No proxy server. No SMTP plumbing.

Best Use Cases

  • Contact Forms: Send user messages directly to your inbox without an API route.
  • Lead Capture: Email your sales team when a user submits a form.
  • Transactional Alerts: Send internal notifications from dashboards.
  • Onboarding Triggers: Fire welcome emails after client-side signup.

Salting vs Traditional Backend Setup

🚧 Traditional Backend Proxy

  • Requires Node.js / Go server
  • Manual CORS configuration
  • Secrets stored in your infrastructure
  • Custom rate limiting + bot protection
  • Ongoing maintenance and monitoring

☁ Serverless Function

  • Cold starts possible
  • CORS handling still required
  • Secrets + deployment pipeline complexity
  • Scaling cost spikes under spam load

⚡ Salting Layer (Recommended)

  • No server required
  • Encrypted API key vault
  • Built-in CORS enforcement
  • Integrated rate limiting
  • Abuse protection by default
  • Deploy in under 2 minutes

Frequently Asked Questions

Can I safely use this for public contact forms?

Yes — use rate limits + domain locking to prevent abuse.

Does Salting store email content?

Salting forwards requests securely. Your data remains your data.

Does this replace my backend?

If your backend exists only to hide the Resend key and protect an endpoint, yes.

Does Salting add latency?

Minimal edge overhead (typically sub-30ms).

Stop Shipping Backends for One Endpoint

If your frontend can see your Resend key, attackers can too. Secure it in minutes and ship production-ready forms today.

The playground

const response = await fetch('https://api.salting.io/r/salting-io-bridge-uuid', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    from: 'contact@yourdomain.com',
    to: 'sales@yourdomain.com',
    subject: 'New Contact Form Submission',
    html: '<p>Message received securely via Salting.</p>'
  })
});

const data = await response.json();
console.log(data);

Ready to ship?

Create Your Secure Resend Bridge