I have been able to host a static website in an Azure blob by using an HTTP redirect.

As I describe here:

I found a way to host a static website in an Azure blob, using a subdomain and an http re-direct

I do the following

1) In Azure I create a storage account with a container ( called docs ) that has Blob access policy.

2) I upload my static website to the docs container using the storage explorer. This includes some PHP files in a sub folder.

3) In the DNS I set up a cname record for a subdomain ( called info say) with alias myblob.blob.core.windows.net ( where myblob is the name of my blob)

4) In the DNS I create an Http redirect for record to a file on the subdomain for www with url xhttp://info.mydomainname.com/docs/index.html ( spelt without the x. I put an x in front to prevent the hyperlink )

5) In Azure I create a custom domain for info.mydomainname.com

My website then works however if someone knows the location of the PHP files then they can download them which means I must not store secrets in them.

Is there a way I can prevent them from being accessed?

I am using a Blob access policy for my container

However I can't prevent files from being accessed ( except for by name obscurity ) thus I would prefer not to store secrets in any files in the blob.

Given that, how can I go about implementing a Contact form that calls an API to send an email ?

It doesn't make sense to deploy the PHP files to Azure blob storage. PHP scripts are not static content and they should be executed on a web server like Apache, Microsoft IIS etc..

So, you may consider using Azure App Service to host your PHP files and some other static content. With this approach, the content of PHP files cannot be viewed, however, you can store secrets in them.

About how to do that, see Create a PHP web app in Azure.