Docs API Reference

API Reference

Base URL: https://captchaapi.eu/api/v1

For /challenge, include your site_key in the request body. Always call /verify from your server.

POST /challenge

Request a Proof-of-Work puzzle for the client to solve.

Called automatically by captcha.js before each form submission. You only need to call this directly if you're implementing a custom client.

Request

json

{
  "site_key": "sk_live_xxxxxxxxxxxx"
}

200 Response

json

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "difficulty": 3,
  "expires_at": 1710000000
}

Error response

json

{
  "success": false,
  "error_code": "rate_limited",
  "retry_after": 10
}

Other possible errors include invalid_site_key, project_inactive, and monthly_limit_exceeded.

Response fields

token string Challenge token returned by /challenge and required for /verify.

difficulty integer Proof-of-Work difficulty level returned for the challenge.

expires_at unix timestamp Token validity window (default: 5 minutes).

POST /verify

Validate that the client correctly solved the PoW puzzle.

Always call from your server. Calling /verify from the browser exposes your verification flow and weakens protection.

Request

json

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "solution": "83421"
}

200 — Valid

json

{
  "success": true
}

Error response

json

{
  "success": false,
  "error_code": "invalid_solution"
}

Request fields

token string, required Challenge token returned by /challenge and required for /verify.

solution string, required The nonce produced by the widget’s PoW solver.