๐๐จ๐ง๐ข-๐ฃ๐ข๐ฃ๐จ๐๐๐ง๐ ๐๐๐ณ ๐๐๐๐๐๐ฆ ๐ฆ๐๐๐๐๐ฌ
You want CF7 to fill fields using an API. Most developers call the API from JavaScript. This is a mistake. It exposes your API key in the browser. People steal your key. They use your credits.
Use a two-hop system. Your browser talks to your WordPress server. Your server talks to the API. Your API key stays hidden in your wp-config.php file.
The workflow:
- User types in a field.
- JavaScript sends data to your WordPress AJAX endpoint.
- WordPress calls the API with a secret key.
- WordPress cleans the data.
- JavaScript fills the other fields.
Follow these tips:
- Use nonces to stop security attacks.
- Use debouncing. This stops requests on every keystroke.
- Wait 600ms after typing before calling the API.
- Use dispatchEvent to trigger CF7 validation.