CAP 验证码服务

在线演示与集成

体验 CAP 验证码的实际效果，了解如何通过几行代码轻松集成到您的应用中。

交互式演示

快速集成

<script src="https://auth.cs76.com/cap.min.js"></script>


<cap-widget 
  id="cap" 
  data-cap-api-endpoint="https://auth.cs76.com/api/">
</cap-widget>

const widget = document.querySelector("#cap");

widget.addEventListener("solve", async function (e) {
  const token = e.detail.token;
  
  // Handle the token as needed
  console.log("CAPTCHA solved, token:", token);
  
  // Validate the token server-side
  const result = await fetch('https://auth.cs76.com/api/validate', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ 
      token: token, 
      keepToken: false 
    })
  });
  
  const validation = await result.json();
  console.log("Validation result:", validation);
});

// Server-side validation example (Node.js)
app.post('/protected-endpoint', async (req, res) => {
  const { captchaToken } = req.body;
  
  try {
    const validation = await fetch('https://auth.cs76.com/api/validate', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ 
        token: captchaToken,
        keepToken: false
      })
    });
    
    const result = await validation.json();
    
    if (result.success) {
      // CAPTCHA verified, proceed with protected operation
      res.json({ message: 'Access granted' });
    } else {
      res.status(400).json({ error: 'CAPTCHA verification failed' });
    }
  } catch (error) {
    res.status(500).json({ error: 'Validation error' });
  }
});

⚡ 5-minute setup

📱 Private First

🌍 Global CDN

Service Overview

CAP CAPTCHA delivers enterprise-grade bot protection through an intelligent, globally distributed CAPTCHA system. Built on Cloudflare's edge infrastructure, it provides millisecond response times and 99.99% uptime.

Ultra Performance

Edge-deployed across 250+ cities worldwide with sub-100ms response times and automatic scaling

Enterprise Security

Military-grade encryption with advanced bot detection algorithms and fraud prevention

Developer First

RESTful API design with comprehensive SDKs for all major programming languages

API Reference

Complete API documentation with examples and best practices. All endpoints support JSON and return structured responses.

POST /api/challenge Generate Challenge

Creates a new CAPTCHA challenge with cryptographically secure tokens and returns challenge data for client rendering.

Request Example:

fetch('/api/challenge', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  }
})

Response Example:

{
  "token": "785975238a3c4f0c1b0c39ed75e6e4cc152436cc0d94363de6",
  "challenge": "{ "c": 50, "s": 32, "d": 4 }",
  "expires": 1753924498818
}

POST /api/redeem Verify Solution

Validates user-submitted CAPTCHA solution and returns verification token for subsequent API calls.

Request Parameters:

token (string, required) - Challenge token from /api/challenge

solutions (number[], required) - Array of user solution indices

Request Example:

fetch('/api/redeem', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    token: 'c6bd7fd0bea728b5405f0e3637dca6d1b88aaf33589809a103',
    solutions: [1, 3, 7]
  })
})

Response Example:

{
  "success": true,
  "token": "785975238a3c4f0c1b0c39:ed75e6e4cc152436cc0d94363de6",
}

POST /api/validate Token Validation

Validates previously issued tokens and optionally consumes them for one-time use scenarios.

Request Parameters:

token (string, required) - Verification token to validate

keepToken (boolean, optional) - Preserve token for reuse (default: false)

Request Example:

fetch('/api/validate', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    token: '785975238a3c4f0c1b0c39:ed75e6e4cc152436cc0d94363de6',
    keepToken: false
  })
})

Response Example:

{
  "success": true
}

Integration Guide

Generate Challenge: Request a new CAPTCHA via /api/challenge endpoint
Render UI: Display the challenge content in your frontend using our SDK or custom implementation
Collect Solution: Capture user interaction and prepare solution array
Verify Response: Submit solution via /api/redeem for server-side validation
Token Usage: Use returned token for protected operations via /api/validate

Error Handling

Our API follows REST conventions with detailed error responses and appropriate HTTP status codes:

400 Bad Request: Malformed request body or missing required parameters
401 Unauthorized: Invalid or expired authentication credentials
404 Not Found: Requested endpoint or resource doesn't exist
429 Too Many Requests: Rate limit exceeded, retry with exponential backoff
500 Internal Server Error: Temporary server issue, safe to retry