CAP CAPTCHA Service

Next-generation CAPTCHA service powered by Cloudflare Workers for global scale and performance

Get Started API Reference

Live Demo & Integration

Experience CAP CAPTCHA in action and see how easy it is to integrate into your applications with just a few lines of code.

Interactive Demo

Complete the CAPTCHA above to see it in action

Quick Integration

<script src="https://captcha.gurl.eu.org/cap.min.js"></script> <cap-widget id="cap" data-cap-api-endpoint="https://captcha.gurl.eu.org/api/"> </cap-widget>
const widget = document.querySelector("#cap"); widget.addEventListener("solve", async function (e) { const token = e.detail.token; // Handle the token as needed console.log("CAPTCHA solved, token:", token); // Validate the token server-side const result = await fetch('https://captcha.gurl.eu.org/api/validate', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token: token, keepToken: false }) }); const validation = await result.json(); console.log("Validation result:", validation); });
// Server-side validation example (Node.js) app.post('/protected-endpoint', async (req, res) => { const { captchaToken } = req.body; try { const validation = await fetch('https://captcha.gurl.eu.org/api/validate', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token: captchaToken, keepToken: false }) }); const result = await validation.json(); if (result.success) { // CAPTCHA verified, proceed with protected operation res.json({ message: 'Access granted' }); } else { res.status(400).json({ error: 'CAPTCHA verification failed' }); } } catch (error) { res.status(500).json({ error: 'Validation error' }); } });
5-minute setup
📱 Private First
🌍 Global CDN

Service Overview

CAP CAPTCHA delivers enterprise-grade bot protection through an intelligent, globally distributed CAPTCHA system. Built on Cloudflare's edge infrastructure, it provides millisecond response times and 99.99% uptime.

Ultra Performance

Edge-deployed across 250+ cities worldwide with sub-100ms response times and automatic scaling

Enterprise Security

Military-grade encryption with advanced bot detection algorithms and fraud prevention

Developer First

RESTful API design with comprehensive SDKs for all major programming languages

API Reference

Complete API documentation with examples and best practices. All endpoints support JSON and return structured responses.

POST /api/challenge Generate Challenge

Creates a new CAPTCHA challenge with cryptographically secure tokens and returns challenge data for client rendering.

Request Example:

fetch('/api/challenge', { method: 'POST', headers: { 'Content-Type': 'application/json' } })

Response Example:

{ "token": "785975238a3c4f0c1b0c39ed75e6e4cc152436cc0d94363de6", "challenge": "{ "c": 50, "s": 32, "d": 4 }", "expires": 1753924498818 }

POST /api/redeem Verify Solution

Validates user-submitted CAPTCHA solution and returns verification token for subsequent API calls.

Request Parameters:

token (string, required) - Challenge token from /api/challenge
solutions (number[], required) - Array of user solution indices

Request Example:

fetch('/api/redeem', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token: 'c6bd7fd0bea728b5405f0e3637dca6d1b88aaf33589809a103', solutions: [1, 3, 7] }) })

Response Example:

{ "success": true, "token": "785975238a3c4f0c1b0c39:ed75e6e4cc152436cc0d94363de6", }

POST /api/validate Token Validation

Validates previously issued tokens and optionally consumes them for one-time use scenarios.

Request Parameters:

token (string, required) - Verification token to validate
keepToken (boolean, optional) - Preserve token for reuse (default: false)

Request Example:

fetch('/api/validate', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ token: '785975238a3c4f0c1b0c39:ed75e6e4cc152436cc0d94363de6', keepToken: false }) })

Response Example:

{ "success": true }

Integration Guide

  1. Generate Challenge: Request a new CAPTCHA via /api/challenge endpoint
  2. Render UI: Display the challenge content in your frontend using our SDK or custom implementation
  3. Collect Solution: Capture user interaction and prepare solution array
  4. Verify Response: Submit solution via /api/redeem for server-side validation
  5. Token Usage: Use returned token for protected operations via /api/validate

Error Handling

Our API follows REST conventions with detailed error responses and appropriate HTTP status codes:

  • 400 Bad Request: Malformed request body or missing required parameters
  • 401 Unauthorized: Invalid or expired authentication credentials
  • 404 Not Found: Requested endpoint or resource doesn't exist
  • 429 Too Many Requests: Rate limit exceeded, retry with exponential backoff
  • 500 Internal Server Error: Temporary server issue, safe to retry
Powered by Cloudflare Workers & @cap.js/server