All Products
Search
Document Center

Captcha:Integration guide

Last Updated:Sep 11, 2024

After you activate CAPTCHA 2.0, you must integrate CAPTCHA 2.0 into your business client and business server before you use CAPTCHA 2.0. This topic describes how to integrate CAPTCHA 2.0 into a business client and a business server.

Procedure

image

If you have questions during integration, submit a ticket to contact technical support.

Step 1: Activate CAPTCHA 2.0

  1. Log on to the CAPTCHA 2.0 console.

  2. On the Alibaba Cloud CAPTCHA 2.0 buy page, click Buy Now.

    On the Overview page of the CAPTCHA 2.0 console, view the identity of the CAPTCHA 2.0 instance that you purchase. You can use the identity to integrate CAPTCHA 2.0 into your business client.Identity For more information, see Integrate CAPTCHA 2.0 into a business client.image.png

Step 2: Create a verification scenario

Important

When you create a verification scenario, you can set the Rule Status parameter to Test Mode to skip the risk verification of CAPTCHA 2.0 and only check whether the access to CAPTCHA 2.0 is normal. This prevents an access test from being mistakenly judged by CAPTCHA 2.0 as machine behavior.

If the access to CAPTCHA 2.0 is normal after CAPTCHA 2.0 is integrated, you must set the Rule Status parameter to Official Release at the earliest opportunity. Then, CAPTCHA 2.0 can work as expected to defend your website resources against access from malicious programs.

  1. Log on to the CAPTCHA 2.0 console.

  2. In the left-side navigation pane, click Scenarios.

  3. On the Scenarios page, click Create Scenario.

  4. In the Create Scenario panel, configure the following parameters and click OK.

    Parameter

    Description

    Scenario Name

    The name of the verification scenario.

    The name must be 1 to 32 characters in length and can contain letters, digits, and underscores (_).

    Client Type

    The type of the business client on which you want to call CAPTCHA 2.0. Valid values:

    • Web: If you select this option, you must integrate CAPTCHA 2.0 into your business client and business server. For more information, see the Call CAPTCHA 2.0 on a web or HTML5 client section of this topic.

    • H5: If you select this option, you must integrate CAPTCHA 2.0 into your business client and business server. For more information, see the Call CAPTCHA 2.0 on a web or HTML5 client section of this topic.

    • App(Webview+H5): If you select this option, you must integrate CAPTCHA 2.0 into your business client, business server, and application. For more information, see the Call CAPTCHA 2.0 on an application section of this topic.

    • WeChat Mini Programs: If you select this option, you must integrate CAPTCHA 2.0 with your WeChat mini program. For more information, see Integrate CAPTCHA 2.0 with a WeChat mini program.

      Note

      WeChat mini programs do not support the invisible CAPTCHA mode and custom policies.

    Verification Type

    The CAPTCHA type. Valid values:

    • Invisible CAPTCHA: An invisible CAPTCHA is imperceptible to users.

      If you select this option, you must configure the Additional Challenge parameter. Valid values of the Additional Challenge parameter: Slider CAPTCHA, Puzzle Verification, Visual Reasoning CAPTCHA, and Image Restoration.

    • Slider CAPTCHA: Users drag the slider to complete the CAPTCHA.

    • Puzzle Verification: Users drag the slider to complete the puzzle.

    • Visual Reasoning CAPTCHA: Users follow the displayed instructions to complete the CAPTCHA.

    • Image Restoration: Users drag the slider to restore the image.

    Rule Status

    The state of the verification scenario. Valid values:

    • Official Release (default): In this state, CAPTCHA 2.0 works to defend website resources against access from malicious programs. After a business server initiates a verification request, CAPTCHA 2.0 performs risk verification and returns the verification result.

    • Test Mode: In this state, CAPTCHA 2.0 only checks whether the access to CAPTCHA 2.0 is normal, but does not perform risk verification. CAPTCHA 2.0 returns only the verification result that you specify when you create the verification scenario. After the test is complete, you must change the state of the verification scenario to Official Release. It takes about 5 minutes for the state to take effect.

      In the Test Mode state, you can specify the verification result to return for different CAPTCHA types.

      • If you set the Verification Type parameter to Invisible CAPTCHA and the Additional Challenge parameter to Slider CAPTCHA or Puzzle Verification, you can select Pass Invisible CAPTCHA, Fail Invisible CAPTCHA and Pass Additional Challenge, or Fail Invisible CAPTCHA and Additional Challenge.

      • If you set the Verification Type parameter to Invisible CAPTCHA and the Additional Challenge parameter to Visual Reasoning CAPTCHA, you can select Pass Invisible CAPTCHA or Fail Invisible CAPTCHA.

      • If you set the Verification Type parameter to Slider CAPTCHA, you can select Pass Verification or Fail Verification.

      • If you set the Verification Type parameter to Puzzle Verification, you can select Pass Verification or Fail Verification.

      • If you set the Verification Type parameter to Visual Reasoning CAPTCHA, the Test Mode state is not supported.

      • If you set the Verification Type parameter to Image Restoration, you can select Pass Verification or Fail Verification.

    Important

    You are charged for each call to CAPTCHA 2.0 in a verification scenario regardless of whether the Rule Status parameter of the verification scenario is set to Official Release or Test Mode.

    After you create the verification scenario, view the scenario ID on the Scenario ID page. You can use the scenario ID to integrate CAPTCHA 2.0 into your business client. For more information, see the Step 3: Integrate CAPTCHA 2.0 section of this topic.image.png

Step 3: Integrate CAPTCHA 2.0

Note

If you have questions during integration, submit a ticket to contact technical support.

Call CAPTCHA 2.0 on a web or HTML5 client

If you want to call CAPTCHA 2.0 on a web or HTML5 client, you must set the Client Type parameter to Web or H5 when you create a verification scenario.

  1. Client integration: On a business page of the web or HTML5 client on which you want to call CAPTCHA 2.0, integrate the initialization code of CAPTCHA 2.0. For more information, see Integrate CAPTCHA 2.0 into a business client.

  2. Server integration: On the business server of the web or HTML5 client, integrate a CAPTCHA 2.0 server SDK based on your programming language. Then, call the VerifyIntelligentCaptcha operation on the business server to initiate a verification request. For more information, see Integrate CAPTCHA 2.0 into a business server.

Call CAPTCHA 2.0 on an application

If you want to call CAPTCHA 2.0 on an application, you must set the Client Type parameter to App(Webview+H5) when you create a verification scenario.

  1. Client integration: On a business page of the web or HTML5 client on which you want to call CAPTCHA 2.0, integrate the initialization code of CAPTCHA 2.0. For more information, see Integrate CAPTCHA 2.0 into a business client.

  2. Server integration: On the business server of the web or HTML5 client, integrate a CAPTCHA 2.0 server SDK based on your programming language. Then, call the VerifyIntelligentCaptcha operation on the business server to initiate a verification request. For more information, see Integrate CAPTCHA 2.0 into a business server.

  3. Application integration

Call CAPTCHA 2.0 in a WeChat mini program

If you want to call CAPTCHA 2.0 in a WeChat mini program, you must set the Client Type parameter to WeChat Mini Programs when you create a verification scenario.

WeChat mini program integration: After you create the verification scenario in the console, integrate the initialization code of CAPTCHA 2.0 with the WeChat mini program in which you want to call CAPTCHA 2.0. For more information, see Integrate CAPTCHA 2.0 with a WeChat mini program.

Step 4: Verify the integration

1. Check whether CAPTCHA 2.0 is integrated into the business client

After you initiate a CAPTCHA request on the business client, open the browser console of the business page on which CAPTCHA 2.0 is integrated and view the information on the Network tab.

If all of the following information is displayed, CAPTCHA 2.0 is integrated into the business client:

  • Initialization request, as marked by ① in the following figure

  • CAPTCHA-related parameters of the initialization request that are displayed on the Preview tab, as marked by ② in the following figure, with the value of Success being true

  • CAPTCHA resources, as marked by ③ in the following figure

image.png

2. Check whether CAPTCHA 2.0 is integrated into the business server

After you complete the CAPTCHA and business interaction on the business client, the business client sends the captchaVerifyParam parameter to the business server by calling an API operation. The business server calls the VerifyIntelligentCaptcha operation to initiate a verification request. Then, the CAPTCHA 2.0 server returns the verification result.

You can view the verification result, as marked by ② in the following figure, on the Preview tab of the server request, as marked by ① in the following figure. If the value of Success is true, CAPTCHA 2.0 is integrated into the business server. If the value of Success is false, CAPTCHA 2.0 fails to be integrated into the business server.

image.png

Note

The server request may vary with your business. In this example, the bizquery server request is used.

3. Check whether CAPTCHA 2.0 works as expected

After the business server returns the verification result and business processing result to the business client, the business client performs business processing based on the returned results. You can trigger a CAPTCHA challenge on the business client to check whether CAPTCHA 2.0 works as expected.

  • Slider CAPTCHA, Puzzle Verification, or Visual Reasoning CAPTCHA: If a message appears to indicate that the verification is passed after you complete the CAPTCHA as prompted, CAPTCHA 2.0 works as expected.

  • Invisible CAPTCHA: If your business interaction is implemented, CAPTCHA 2.0 works as expected. In a logon scenario, if a message appears to indicate that you have logged on after you log on by using the username and password, CAPTCHA 2.0 works as expected.

Step 5: Release CAPTCHA 2.0

After you perform the preceding steps, you can release CAPTCHA 2.0.

Related operations

View verification statistics

After CAPTCHA 2.0 is integrated, you can view verification statistics on the Overview page of the CAPTCHA 2.0 console. For more information, see View verification statistics.

Delete a verification scenario

Warning

After you delete a verification scenario, all historical data is deleted and data rollback is not supported. In addition, you can no longer call CAPTCHA 2.0 based on this verification scenario. Before you delete a verification scenario, make sure that you no longer need the verification scenario.

  1. On the Scenarios page, find the scenario that you want to delete and click Delete in the Actions column.

  2. In the Confirm Delete dialog box, enter the scenario ID, select the check boxes for the risk information, and then click OK.image.png