Form validation for email-gated viewing room in Next.js/Sanity
https://whitecube.viewingrooms.com/viewing-room/introductions-sara-flores/
For your viewing room use case, you're on the right track but don't need next-auth at all - that's designed for full authentication systems. Here's a simpler approach for your email-gate scenario:
Storing Email Submissions in Sanity
Yes, you can absolutely store submitted emails in Sanity and get a response confirming the submission. When you use the Sanity JavaScript client's create() mutation, you can use the returnDocuments parameter to get back the created document:
import { createClient } from '@sanity/client'
const client = createClient({
projectId: 'your-project-id',
dataset: 'your-dataset',
token: 'your-write-token', // Keep this secret!
apiVersion: '2025-02-19',
useCdn: false
})
// In your Next.js API route
export async function POST(request) {
const { email } = await request.json()
try {
const result = await client.create({
_type: 'viewingRoomSubmission',
email: email,
submittedAt: new Date().toISOString(),
viewingRoomId: 'your-viewing-room-id'
}, { returnDocuments: true })
// result will contain the created document with _id, _createdAt, etc.
return Response.json({
success: true,
submissionId: result._id
})
} catch (error) {
return Response.json({ success: false, error: error.message }, { status: 500 })
}
}Recommended Architecture
- Create a schema in your Sanity Studio for storing submissions:
// schemas/viewingRoomSubmission.js
export default {
name: 'viewingRoomSubmission',
type: 'document',
title: 'Viewing Room Submission',
fields: [
{
name: 'email',
type: 'string',
validation: Rule => Rule.required().email()
},
{
name: 'viewingRoomId',
type: 'string'
},
{
name: 'submittedAt',
type: 'datetime'
}
]
}Create a Next.js API route (
/app/api/submit-email/route.js) to handle the submission securely with your write token (never expose this client-side!)Use session storage or cookies on the client side to track which viewing rooms the user has accessed
Validate the email on both client and server side
Security Considerations
- Keep your Sanity write token in environment variables, never in client code
- Consider rate limiting your API route to prevent abuse
- You might want to add a simple captcha to prevent bot submissions
- Store the write token as
SANITY_WRITE_TOKENin your.env.localfile
Response Object Details
When using returnDocuments: true with mutations, Sanity returns the full created document including:
_id: The unique document ID_type: The document type_createdAt: Timestamp of creation_updatedAt: Timestamp of last update- All your custom fields (email, etc.)
According to the Sanity Mutations API documentation, you can also use returnIds: true if you only need the document IDs back rather than the full documents, which is more efficient.
This approach is much simpler than implementing full authentication and perfectly suited for your email-gated content use case! The client.create() method will return the created document when you pass the returnDocuments option, giving you confirmation that the email was successfully stored.
Show original thread10 replies
Was this answer helpful?
Sanity – Build the way you think, not the way your CMS thinks
Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.
