Form-to-Telegram — a hardened form-forwarding backend
Turn any website form into a Telegram message — with abuse protection built in.
A small Node.js + Express backend that forwards website form submissions to a Telegram chat or channel. It ships with security in mind: a domain allowlist and rate limiting (max 10 messages per IP per hour).
What it does
Receives form data over an API and posts it to Telegram via the Bot API. Only requests from allow-listed domains are accepted, and each IP is capped at 10 messages per hour to prevent spam.
How I built it
Express with node-fetch to call the Telegram API, dotenv for secrets, CORS locked to allowed origins, and express-rate-limit for throttling. Small, focused, and reusable across any of my marketing sites.
What I learned
Even a tiny backend deserves real defenses. Domain allowlisting and rate limiting are cheap to add and save you from spam and abuse — a habit I now apply to every public endpoint.