Allow users sending emails with template only

lets say I’ve build an app with some content that user want to share links to via email.
So there’s one problem.
If i make rest request to send mails - it works fine but theres security problem.
Now user is allowed to send any email as our company - using console and rest query.

How to prevent them sending any other mails than my email template with dynamicly generated link?

You could have a server side script on the email service that validates the email parameters before the email is sent. If something about the request is invalid the script can throw an exception and no email is sent.

Currently we don’t have pre and post scripts for the email service but I think these could be added by us fairly easily. Would that solve your problem?