Discussion on: Send e-mails directly from front-end with JavaScript 💥💥

Replies for: I'm curious to understand the security of this solution. If I visit your site, could I not take your USER_ID and send emails on your behalf?

Very true. An OAuth token should always be used in these API scenarios which does more than only being used for a getter.

What prevents from calling the API using an access token (from OAuth)?