-
Notifications
You must be signed in to change notification settings - Fork 2
Web Integration
Sepehr0Day edited this page Jun 13, 2026
·
1 revision
- Generate a challenge on the server.
- Store the answer and private metadata against a random challenge ID.
- Return only the challenge ID, prompt, public image and safe UI metadata.
- Receive the user's response.
- Validate server-side using constant-time comparison where appropriate.
- Delete or expire the challenge after one attempt or a short timeout.
ChallengeResult.answer- click target coordinates
- puzzle target positions
- Maze solutions
- sequence rules
- metadata fields that directly reveal the answer
Depending on the UI, safe metadata may include grid dimensions, number of options, piece dimensions and accessibility text. Build an explicit allowlist instead of returning the complete metadata dictionary.
For low-risk use cases, encrypted or authenticated challenge state can replace server storage. Do not merely Base64-encode the answer.
- Home
- Installation
- Quick-Start
- Configuration
- Core-API
- Generator-API-Reference
- Core-Utilities
- Supported-CAPTCHAs
- All-Examples
- Text-and-Media-CAPTCHAs
- Logic-CAPTCHAs
- Image-CAPTCHAs
- Selection-CAPTCHAs
- Puzzle-CAPTCHAs
- Visual-Reasoning-CAPTCHAs
- Tkinter-Examples
- Web-Integration
- Architecture
- Creating-a-Generator
- Security
- Publishing
- Migration-to-2.0
- FAQ