All Products
Search

This Product

    Captcha:Integration guide

    Document Center

    Captcha:Integration guide

    Last Updated:Nov 10, 2025

    After you activate Captcha 2.0, you must integrate it on your client and server to use it for verification. This topic describes the client-side and server-side integration process.

    Method overview

    You can integrate Alibaba Cloud Captcha in four steps:

    1. Activate Captcha 2.0 with a subscription or pay-as-you-go plan and obtain the prefix.

    2. Create a verification scenario and obtain the scenario ID.

    3. Integrate Captcha into your business client and server, and then test the verification.

    4. Publish your application.

    image

    V3 verification architecture sequence diagram

    Slider, puzzle, click-to-pass, and image restoration

    image

    Description of the sequence diagram:

    1. When a user initializes Captcha on the business client, the client requests JavaScript (JS) resources, such as images or questions, from the Captcha server.

    2. The Captcha server dynamically returns the JS resources. The business client then loads the resources and renders the Captcha.

    3. After the user successfully interacts with the Captcha on the business client, such as by solving a slider, puzzle, or image restoration challenge, the JS automatically sends a request to verify the answer. The Captcha server verifies if the answer is correct and if the request is from a machine.

    4. If the verification is successful, the Captcha server calls the success callback function and returns CaptchaVerifyParam. If the verification fails, the Captcha automatically refreshes for a new attempt.

    5. The business client sends a request that contains business parameters and CaptchaVerifyParam to the business server.

    6. The business server calls the VerifyIntelligentCaptcha API of the Captcha server to verify the CaptchaVerifyParam parameter.

    7. The Captcha server verifies if the parameters are correct and if the request is malicious, and then returns the verification result.

    8. The business server processes the business logic based on the verification result and returns the verification and business results to the client's web page.

    No-captcha verification

    image

    Description of the sequence diagram:

    1. When a user initializes Captcha on the business client, the client requests JS resources, such as images or questions, from the Captcha server.

    2. The Captcha server dynamically returns the relevant JS resources.

    3. When the user first clicks the trigger button on the business client to initiate verification, the Alibaba Cloud server verifies if the user is secure.

    4. The Alibaba Cloud server returns the verification result to the business client:

      • If the user is not a risk, the initial verification passes. The success callback function is called to return CaptchaVerifyParam for subsequent business signature verification.

      • If the user is a risk, the initial verification is considered suspicious, and a secondary verification is triggered.

        1. The business client loads JS resources and renders the Captcha. After the user successfully interacts with the Captcha, such as by solving a slider, puzzle, or image restoration challenge, the JS automatically sends a request to verify the answer. The Captcha server verifies if the answer is correct and if the request is from a machine.

        2. If the secondary verification is successful, the success callback function is called to return CaptchaVerifyParam for subsequent business signature verification. If the secondary verification fails, the business client automatically refreshes the Captcha for a new attempt.

    5. The business client sends a request that contains business parameters and CaptchaVerifyParam to the business server.

    6. The business server calls the VerifyIntelligentCaptcha API of the Captcha server to verify the CaptchaVerifyParam parameter.

    7. The Captcha server verifies if the parameters are correct and if the request is malicious, and then returns the verification result.

    8. The business server processes the business logic based on the verification result and returns the verification and business results to the client's web page.

    Step 1: Activate the Captcha service

    1. Log on to the Captcha 2.0 console and click Buy Now.

    2. After you activate the Captcha service, go to the **Basic Information** card on the Overview page to obtain the Identity Prefix. The prefix is used for client-side integration.image.png

    Step 2: Create a verification scenario

    1. In the navigation pane on the left, click Scenarios > Create Scenario.

    2. Create a verification scenario as needed. Set parameters such as Scenario Name, Integration Method, and Verification Type, and then obtain the Scenario ID.

    Step 3: Integrate Captcha

    Web and H5 integration

    If you use Web and H5 integration, set Integration Method to Web/H5 when you create the verification scenario.

    1. Client-side integration: On the client pages (Web and H5) that use the verification feature, integrate the Captcha initialization code. For an example of the initialization code, see Web and H5 client V3 architecture integration.

    2. Server-side integration: On the server corresponding to the client pages (Web and H5), integrate the SDK. Then, call the VerifyIntelligentCaptcha API to initiate Captcha verification. For more information, see Server-side integration.

    App integration

    If you use app integration, set Integration Method to Webview+H5 (for Apps And WeChat Mini Programs) when you create the verification scenario.

    1. Client-side integration: On the client pages (Web and H5) that use the verification feature, integrate the Captcha initialization code. For an example of the initialization code, see Web and H5 client V3 architecture integration.

    2. Server-side integration: On the server corresponding to the client pages (Web and H5), integrate the SDK. Then, call the VerifyIntelligentCaptcha API to initiate Captcha verification. For more information, see Server-side integration.

    3. App-side integration

      • Android app: Use a WebView component to enable and deploy the business pages that require Captcha 2.0 in your app. For more information, see Android V3 architecture integration.

      • iOS app: Use a WKWebView component to enable and deploy the business pages that require Captcha 2.0 in your app. For more information, see iOS V3 architecture integration.

    WeChat Mini Program integration

    If you use WeChat Mini Program integration, set Integration Method to Webview+H5 (for Apps And WeChat Mini Programs) or WeChat Mini Program Native Plugin when you create the verification scenario.

    WeChat Mini Program integration: After you add a verification scenario in the console, integrate the Captcha initialization code on the WeChat Mini Program pages that use the verification feature. For more information, see Mini Program integration.

    Integration verification

    • Test the business client initialization

      After the configuration is complete, open the browser console for the page where Captcha is integrated. Check the information on the Network tab.

      If all the following items are present, the client-side integration is successful:

      • Initialization request (① in the figure)

      • The Preview of the initialization request contains Captcha information (② in the figure), and success is true.

      • Captcha resources (③ in the figure)image.png

    • Test the business client verification

      After you send a verification request, open the browser console for the page where Captcha is integrated. Check the information on the Network tab.

      If VerifyResult is true (① in the figure), the verification is successful.167d503fc87ab8383c045bf94889cb4c

    • Test the server-side integration

      After successful client-side integration, the business API sends the captchaVerifyParam verification parameter to the business server. The business server then calls the Alibaba Cloud VerifyIntelligentCaptcha API, which returns a verification result.

      You can view the verification result in the business server's response. If VerifyResult is true, the server-side integration is successful.

      {
    "RequestId": "C******-B***-4***-A***-5*******1",
    "Message": "success",
    "HttpStatusCode": 200,
    "Code": "Success",
    "Success": true,
    "Result": {
        "VerifyCode": "T001",
        "VerifyResult": true
    }
}

    • Test if the Captcha works as expected

      After successful server-side integration, the business result and the Alibaba Cloud Captcha result are returned to the client. The client performs different business operations based on the returned results. You can use the Captcha on the client to test if the verification works as expected.

      • For Slider Verification, Jigsaw Verification, Click-to-pass Verification, and Image Restore Verification, the verification is successful when the Verification Passed message is displayed.

      • No-CAPTCHA verification: A successful business interaction indicates a successful verification. For example, in a logon scenario, the verification is successful if the Logon Successful message is displayed after you log on with your username and password.

    Step 4: Publish your application

    After completing the preceding steps, you can publish the Captcha.

    View statistical data

    After you complete the integration and configuration, you can view verification data on the View statistical data page.