Newsletter API - Resubscribe Endpoint Instructions

Context

Currently, when users click “okay, okay” on the unsubscribe page to resubscribe, the API returns a 409 (Conflict) error because the email is still marked as subscribed. We need a dedicated resubscribe endpoint that handles this gracefully.

Required Endpoint

POST /api/resubscribe

This endpoint should handle users who want to resubscribe after clicking the unsubscribe link.

Request Format

{
  "token": "unsubscribe_token_from_url"
}

Behavior

  1. Validate the unsubscribe token
  2. Extract the email address associated with the token
  3. If the email is already subscribed:
    • Return success (200) with a welcome back message
    • Optionally send a “welcome back” email
  4. If the email was previously unsubscribed:
    • Reactivate the subscription
    • Return success (200) with a resubscribed message
    • Send a confirmation email

Response Format

Success (200):

{
  "success": true,
  "message": "Welcome back! You've been resubscribed to our newsletter.",
  "email": "user@example.com"
}

Invalid Token (400), returned for a missing, malformed, forged, or expired token (the same body in every case, so the response does not reveal which check failed):

{
  "success": false,
  "error": "Invalid or expired token"
}

Server Error (500):

{
  "success": false,
  "error": "Failed to process resubscribe request"
}

Implementation Notes

  1. The token is the same unsubscribe token from the URL; the endpoint takes the email from the token and never from a separate request field
  2. The endpoint should be idempotent: calling it multiple times with the same token should return success, and repeat calls must not change state
  3. Rate limit the endpoint (per client IP and/or per token) to prevent abuse such as brute-forcing tokens or triggering confirmation emails repeatedly
  4. Log resubscribe events for analytics, recording the email (or a hash of it) and a timestamp, but not the raw token

Frontend Integration

Once implemented, the unsubscribe page will call this endpoint when the “okay, okay” button is clicked:

const response = await fetch('https://newsletter-subscribers.vercel.app/api/resubscribe', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    token: userToken // unsubscribe token read from the URL query parameter
  })
});
const result = await response.json();
// 200 → { success: true, message, email }; 400/500 → { success: false, error }
const text = response.ok && result.success ? result.message : result.error;
// render `text` on the unsubscribe page (UI code not shown)

Security Considerations

  1. Tokens should expire after a reasonable time (e.g., 30 days). The expiry has to be carried inside the token (signed) or stored server-side alongside it; never accept an expiry supplied by the client
  2. Tokens must be unguessable and verified server-side: either a long random value looked up in the database, or an HMAC-signed payload over the email and expiry checked with a constant-time comparison. A strictly single-use token would conflict with the idempotency requirement above and with this flow, where the same token has already been used once to unsubscribe; replay protection here comes from the expiry and from the fact that repeating a resubscribe has no further effect
  3. CORS: set Access-Control-Allow-Origin to the blog's origin only (echo the matched origin, not *) and answer the OPTIONS preflight so browsers on other sites cannot call the endpoint. CORS does not stop non-browser clients; the token check and rate limiting cover those
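An added example (not the service's own code) of the CORS and rate-limiting points above as a pre-handler step in Node.js. The blog origin https://blog.example.com, the use of the first X-Forwarded-For hop as the client key, the in-memory fixed-window counter and the 429 response are assumptions made for the example:

```javascript
// Added example: CORS allowlisting and per-client rate limiting in front of the
// resubscribe handler, in Node.js. Assumptions not in the spec: the blog is
// served from https://blog.example.com, clients are identified by the first hop
// of X-Forwarded-For (only meaningful behind a proxy you control, as on Vercel),
// and a 429 is returned when the limit is exceeded.
const ALLOWED_ORIGINS = new Set(['https://blog.example.com']); // assumption

// CORS headers for an allowlisted origin, or null for anything else. The matched
// origin is echoed back; '*' would let any site call the endpoint from a browser.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  if (typeof origin !== 'string' || !allowed.has(origin)) return null;
  return {
    'Access-Control-Allow-Origin': origin,
    'Vary': 'Origin', // the response differs by Origin, so caches must key on it
    'Access-Control-Allow-Methods': 'POST, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type',
    'Access-Control-Max-Age': '600',
  };
}

// Fixed-window counter per key. In-memory state is per process, so on a
// serverless platform it only bounds one warm instance; use a shared store
// (Redis, KV) for a global limit.
class RateLimiter {
  constructor({ limit, windowMs }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.windows = new Map(); // key -> { count, resetAt }
  }

  allow(key, now = Date.now()) {
    let w = this.windows.get(key);
    if (!w || now >= w.resetAt) {
      w = { count: 0, resetAt: now + this.windowMs };
      this.windows.set(key, w);
    }
    w.count += 1;
    const allowed = w.count <= this.limit;
    return {
      allowed,
      remaining: Math.max(0, this.limit - w.count),
      retryAfterSec: allowed ? 0 : Math.ceil((w.resetAt - now) / 1000),
    };
  }
}

// Client identity for rate limiting: first hop of X-Forwarded-For when the
// platform sets it, otherwise the socket address.
function clientKey(req) {
  const h = (req.headers && req.headers['x-forwarded-for']) || '';
  const first = h.split(',')[0].trim();
  return first || (req.socket && req.socket.remoteAddress) || 'unknown';
}

// Runs before the resubscribe handler. Returns { status, headers, body } when
// the request is answered here (preflight, rate limited), or null to proceed;
// the caller then merges corsHeadersFor(origin) into the handler's response.
function preHandler(req, limiter, now = Date.now()) {
  const cors = corsHeadersFor(req.headers && req.headers.origin) || {};
  if (req.method === 'OPTIONS') {
    // Preflight: only an allowlisted origin gets CORS headers, so the browser
    // refuses to send the real POST from anywhere else.
    return { status: 204, headers: cors, body: null };
  }
  const { allowed, retryAfterSec } = limiter.allow(clientKey(req), now);
  if (!allowed) {
    return {
      status: 429,
      headers: { ...cors, 'Retry-After': String(retryAfterSec) },
      body: { success: false, error: 'Too many requests' },
    };
  }
  return null;
}
```

Call preHandler first; when it returns null, run the resubscribe handler and add the CORS headers for the request's Origin to its response. Keying the limiter on the client address protects the confirmation-email path from a single noisy client; a second limiter keyed on the token hash bounds how often one link can be replayed.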

Testing

Test cases to verify:

  1. Valid token for subscribed email → 200 success
  2. Valid token for unsubscribed email → 200 success with reactivation
  3. Invalid/expired token → 400 error
  4. Missing token → 400 error
  5. Server error handling → 500 error