Is it possible to abuse sendEmail API call?

Actually, I think it is possible - when you have configured email in backendless app, you can (as webapp user, not developer) simply call Backendless.Messaging.sendEmail from browser console of webapp and email is sent. Maybe add some permission to be able to call sendEmail only from BL?

Hi Yuriy,

It would be possible to stop unwanted usage of the API with custom business logic. But without it, you’re right, one might be able to take advantage of the API. We will look into making it easier to configure a special permission.

Regards,
Mark