captcha.cc
Documentation

Quickstart

Get a working integration in one browser call and one server verification call.

what you need

  • A site key for the browser.
  • A secret key for your server.
  • Your frontend hostname added to the site allowlist.

browser

Mount the widget, collect the answer, and send the proof token to your server. When you call captcha.cc directly from the browser, include credentials so captcha.cc can maintain an optional shared-clearance cookie.

import { createCaptcha } from "@captchacc/browser";

const captcha = await createCaptcha(document.getElementById("captcha"), {
  siteKey: "pk_live_xxx",
  apiBase: "https://captcha.cc"
});

document.getElementById("contact-form").addEventListener("submit", async (event) => {
  event.preventDefault();

  const answer = document.getElementById("captcha-answer").value;
  const result = await captcha.verify(answer);
  if (!result.ok) {
    alert(result.error?.message || "captcha verification failed");
    return;
  }

  await fetch("/submit-form", {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify({ proofToken: result.proofToken })
  });
});

server

Redeem the proof token exactly once. Accept the request only if success is true.

const verifyResponse = await fetch("https://captcha.cc/v1/siteverify", {
  method: "POST",
  headers: { "content-type": "application/json" },
  body: JSON.stringify({
    secret_key: process.env.CAPTCHA_CC_SECRET_KEY,
    proof_token: req.body.proofToken
  })
});

const verify = await verifyResponse.json();
if (!verify.success) {
  return res.status(400).json({ error: "captcha verification failed", verify });
}