Posting to a (secret) webhook best practise

Hey I've got a question about the best way to try and solve this problem. I've got a discord webhook and a button that when pressed, sends a message to that webhook. The webhook URL is secret, and therefore stored in the environment variables, however, that means it's serverside only. My thoughts are either - Make this POST request serverside via the pages/api folder, but not sure how to get the session to authenticate this - pass through context in the req.body and use getServerAuthSession? Or, get the env variable via getServerSideProps and maybe create a function that the frontend can call with a payload for the webhook? Not sure what the best approach here is, any advice would be appreciated Button onClick in attachment, this fails as the env variable can't be accessed