When Captcha 2.0 completes behavioral verification in the client V3 architecture, it returns a response containing the verification result and status codes. Use the Network tab in your browser's developer tools to inspect the returned data during integration and testing.
Important
Each verification code can be submitted only once. Initialization records expire after 20 minutes — send a new initialization request if the interval is exceeded.
Response structure
The response has two levels: the HTTP response envelope and the Result object nested inside the HTTP body.
HTTP response parameters
| Parameter | Type | Description |
|---|---|---|
| HTTP status code | Integer | The HTTP status code. For details, see HTTP status codes. |
| RequestId | String | The request ID. |
| Success | Boolean | Whether the API request succeeded. true: the request was processed. false: the request failed. |
| Code | String | The return code. For details, see HTTP status codes. |
| Message | String | The detailed message. For details, see HTTP status codes. |
Result parameters
| Parameter | Type | Description |
|---|---|---|
| VerifyResult | Boolean | The verification result. true: verification passed. false: verification failed. |
| VerifyCode | String | The verification code indicating the specific outcome. See VerifyCode values below. |
VerifyCode values
VerifyCode values starting with T indicate verification passed. Values starting with F indicate verification failed.
Pass codes
| VerifyCode | Description | Action |
|---|---|---|
T001 | The client verification passed. | Allow the operation to proceed. |
T005 | Test mode is active and configured to pass verification. | If unexpected, log in to the Captcha 2.0 console to check the policy status for your scenario. See Integration guide for details. |
T006 | The request matched a whitelist policy and passed verification. | If unexpected, log in to the Captcha 2.0 console to review your whitelist policy. |
Fail codes
| VerifyCode | Description | Action |
|---|---|---|
F001 | Suspected attack — the request failed the risk policy check. | Block the operation. Submit a ticket if legitimate traffic is being blocked. |
F004 | Test mode is active and configured to fail verification. | If unexpected, log in to the Captcha 2.0 console to check the policy status for your scenario. See Scenario management for details. |
F008 | Duplicate submission — verification data for this code was already submitted. | Each verification code can only be submitted once. Prompt the user to refresh and complete the CAPTCHA again. |
F009 | A virtual device environment was detected (virtual machines such as VMware, VirtualBox, Hyper-V, or Parallels; emulators such as AVD, BlueStacks, or VBox/Hyper-V; or a desktop browser impersonating a mobile device). | Block the operation, or log in to the Captcha 2.0 console to disable this check in your custom policy. See Set a custom policy for details. |
F010 | The access frequency from the same IP address exceeded the limit. | Log in to the Captcha 2.0 console to configure a custom frequency threshold in your custom policy. See Set a custom policy for details. |
F011 | The access frequency from the same device exceeded the limit. | Log in to the Captcha 2.0 console to configure a custom frequency threshold in your custom policy. See Set a custom policy for details. |
F014 | No initialization record found. Two causes: (1) The interval between the initialization and verification requests exceeded 20 minutes — the backend deleted the record. (2) No initialization request was sent before the verification request — this may indicate a suspected attack or an integration error. | For cause 1, send a new initialization request and retry. For cause 2, send a client initialization request before each verification request. |
F015 | The verification interaction failed — for example, the puzzle piece was not moved to the correct position. | Prompt the user to refresh the CAPTCHA and complete the interaction again. |
F016 | The request was blocked by the URL verification policy configured in the console. | Log in to the Captcha 2.0 console to adjust the URL verification policy in your custom policy. See Set a custom policy for details. |
F017 | Suspected attack — the request failed due to an abnormal protocol or parameter. | Block the operation. |
HTTP status codes
| HTTP status code | Code | Message |
|---|---|---|
| 200 | Success | The operation was successful. |
| 400 | MissingParameter | A required parameter is missing. |
| 401 | InvalidParameter | The parameter is invalid. |
| 403 | Forbidden.AccountAccessDenied | You do not have permission. The service may not be activated, or your account may have an overdue payment. |
| 403 | Forbidden.RAMUserAccessDenied | The Resource Access Management (RAM) user does not have permission. Grant the AliyunYundunAFSFullAccess permission. See Grant permissions to a RAM role for details. |
| 500 | InternalError | An internal system error occurred. Retry the operation. If the error persists, submit a ticket for support. |