All Products
Search
Document Center

Captcha:Integrate Captcha 2.0 into a business client

Last Updated:Dec 20, 2024

After you create a verification scenario in the Captcha 2.0 console, you must integrate the initialization code of Captcha 2.0 into a business page of a web or HTML5 client on which you want to call Captcha 2.0. This topic describes how to integrate the initialization code of Captcha 2.0 into a business client.

Prerequisites

Captcha 2.0 is activated, and a verification scenario whose Client Type is Web or H5 is created. For more information, see Step 2: Create a verification scenario.

Integrate the initialization code of Captcha 2.0

Both the web and HTML5 clients support pop-up and embedded CAPTCHA modes. In this example, the logon scenario is used to describe how to integrate the initialization code of Captcha 2.0 into the source code of a business client.

Important
  • We recommend that you specify the required initialization parameters based on the parameter description and reserve the CAPTCHA page elements when you integrate Captcha 2.0. The page elements are the DOM elements to which the element and button parameters point. In the following example, <div id="captcha-element"></div> is specified.

  • We recommend that you specify an adaptive height for the business module container when you integrate Captcha 2.0. This prevents the element height from exceeding the container height due to the change of the CAPTCHA height if you change the CAPTCHA type later.

  • After the integration, if you modify the scenario settings such as the CAPTCHA type in the Captcha 2.0 console, you do not need to modify the initialization parameters or page structure. The program loads the settings on demand.

  1. Reserve the CAPTCHA page elements in the source code of the business client. In this example, the logon scenario is used.

    // Example of the source code of a business client
     const button = document.getElementById('button');
     button.onclick = function () {
       // Initiate a request to the backend.
       const result = await getWithParams('xx', { 
           yourBizParam... // The business parameter.
       });                
       const { bizResult } = result;
       if (bizResult) {
         // You are navigated to the corresponding page. In this example, the page https://www.aliyun.com/ is specified.
         window.location.href = 'https://www.aliyun.com/';
       }
     }
    
    // The code in the request body of the business client.
    <div id="space-semantic">
        <div id="embed-wrapper">
            <h2>Pop-up</h2>
            <div class="embed-wrapper">
                <div>
                    <label>Username:</label>
                    <input id="username-embed" class="biz-input">
                </div>
                <div>
                    <label>Password:</label>
                    <input id="password-embed" type="password" class="biz-input">
                </div>
                <div id="captcha-element"></div>  // The reserved CAPTCHA page element, which is used to configure the element parameter in the initializer function.
                <button id="button" class="login-btn">Log On</button>
            </div>
        </div>
    </div>
  2. Integrate the initialization code of Captcha 2.0 into the original code of the business client.

    Important
    • By default, JavaScript is loaded online to update the most recent security capabilities. If you pull code of earlier versions and deploy the code on your on-premises machine, the parameter values in the code cannot be updated. This is not recommended. You must manually update the code based on the update notifications of JavaScript versions.

    • We recommend that you do not repeatedly call the initAliyunCaptcha initialization method unless required. For example, if initialization parameters are modified, you can call the method. For more information, see Q1: What is the lifecycle of a CAPTCHA?

    Pop-up

    // 1. Integrate the main JavaScript code.
    <script type="text/javascript" src="https://o.alicdn.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js"></script>
    // 2. Create a <script> tag to call the initializer function initAliyunCaptcha.
    <script>
      let captcha;
      // Pop-up
      initAliyunCaptcha({
        SceneId: 'c9h3****', // The ID of the scenario. After you create a verification scenario, you can view the scenario ID on the Scenarios page of the Captcha 2.0 console.
        prefix: '89****', // The identity of the Captcha 2.0 instance that you purchase. After you activate Captcha 2.0, you can view the identity of the purchased Captcha 2.0 instance on the Overview page of the Captcha 2.0 console.
        mode: 'popup', // The CAPTCHA mode. The value popup specifies the pop-up mode. You do not need to modify this parameter.
        element: '#captcha-element', // The element that is reserved on the page and is used to render a CAPTCHA. The element is the same as the reserved page element in the original code. 
        button: '#button', // The element that triggers the pop-up CAPTCHA window. The value button specifies that the captchaVerifyCallback function is triggered after you click the logon button. You can modify the value of the element parameter based on the element that you use.
        captchaVerifyCallback: captchaVerifyCallback, // The callback function that is used to initiate a CAPTCHA verification request for the business request. You do not need to modify this function.
        onBizResultCallback: onBizResultCallback, // The callback function that is used to process the result of the business request. You do not need to modify this function.
        getInstance: getInstance, // The function that is used to bind the Captcha 2.0 instance. You do not need to modify this function.
        slideStyle: {
          width: 360,
          height: 40,
        }, // The slider CAPTCHA. You can change the width and height. Unit: pixels. The minimum width is 320 pixels.
        language: 'cn', // The language of the verification code. Valid values: cn, tw, and en.
        region: 'cn' // The region to which the Captcha 2.0 instance belongs. Valid values: cn and sgp.
      });
    
      // The function that is used to bind the Captcha 2.0 instance. This function is written in a fixed format. You do not need to modify this function.
      function getInstance(instance) {
        captcha = instance;
      }
    
      // The callback function that is used to initiate a CAPTCHA verification request for the business request.
      /**
       * @name captchaVerifyCallback
       * @function
       * The request parameter: The verification parameter that is called back by the CAPTCHA script. You can directly pass this parameter to the business server without modifying it.
       * @params {string} captchaVerifyParam
       * The response parameters: The parameter names are fixed. The captchaResult parameter is required. If no business verification is involved, the bizResult parameter is optional.
       * @returns {{captchaResult: boolean, bizResult?: boolean|undefined}} 
       */
      async function captchaVerifyCallback(captchaVerifyParam) {
        // 1. Initiate a business request to the backend server to obtain the CAPTCHA verification result and the business verification result.
        const result = await xxxx('http://The request URL', {
            captchaVerifyParam: captchaVerifyParam, // The verification parameter.
            yourBizParam... // The business parameter.
        });
    
        // 2. Construct standard response parameters.
        const verifyResult = {
          captchaResult: result.captchaVerifyResult, // Required. Indicates whether the CAPTCHA verification is passed. The value is of the BOOLEAN type.
          bizResult: returns the business verification result, // Optional. Indicates whether the business verification is passed. The value is of the BOOLEAN type. If no business verification is involved, the bizResult parameter is left empty.
        };
        return verifyResult;
      }
    
      // The callback function that is used to process the result of the business request.
      function onBizResultCallback(bizResult) {
        if (bizResult === true) {
          // If the business verification is passed, you are navigated to the specified page. In this example, the page https://www.aliyun.com/ is specified.
          window.location.href = 'https://www.aliyun.com/';
        } else {
          // If the business verification fails, an error message appears. In this example, the "The business verification failed." message is specified. 
          alert('The business verification failed. ');
        }
      }
    </script>

    Embedded

    // 1. Integrate the main JavaScript code.
    <script type="text/javascript" src="https://o.alicdn.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js"></script>
    // 2. Create a <script> tag to call the initializer function initAliyunCaptcha.
    <script>
      let captcha;
      // Embedded
      initAliyunCaptcha({
        SceneId: 'c9h3****', // The ID of the scenario. After you create a verification scenario, you can view the scenario ID on the Scenarios page of the Captcha 2.0 console.
        prefix: '89****', // The identity of the Captcha 2.0 instance that you purchase. After you activate Captcha 2.0, you can view the identity of the purchased Captcha 2.0 instance on the Overview page of the Captcha 2.0 console.
        mode: 'embed', // The CAPTCHA mode. The value embed specifies the embedded mode. You do not need to modify this parameter.
        element: '#captcha-element', // The element that is reserved on the page and is used to render a CAPTCHA. The element is the same as the reserved page element in the original code. 
        button: '#button', // The element that triggers the business request. The value button specifies that the captchaVerifyCallback function is triggered after you click the logon button. You can modify the value of the element parameter based on the element that you use.
        captchaVerifyCallback: captchaVerifyCallback, // The callback function that is used to initiate a CAPTCHA verification request for the business request. You do not need to modify this function.
        onBizResultCallback: onBizResultCallback, // The callback function that is used to process the result of the business request. You do not need to modify this function.
        getInstance: getInstance, // The function that is used to bind the Captcha 2.0 instance. You do not need to modify this function.
        slideStyle: {
          width: 360,
          height: 40,
        }, // The slider CAPTCHA. You can change the width and height. Unit: pixels. The minimum width is 320 pixels.
        language: 'cn', // The language of the verification code. Valid values: cn, tw, and en.
        immediate: false, // Specifies whether to immediately call the captchaVerifyCallback function after the verification is complete.
        region: 'cn' // The region to which the Captcha 2.0 instance belongs. Valid values: cn and sgp.
      });
    
      // The function that is used to bind the Captcha 2.0 instance. This function is written in a fixed format. You do not need to modify this function.
      function getInstance(instance) {
        captcha = instance;
      }
    
      // The callback function that is used to initiate a CAPTCHA verification request for the business request.
      /**
       * @name verifyCaptchaCallback
       * @function
       * The request parameter: The verification parameter that is called back by the CAPTCHA script. You can directly pass this parameter to the business server without modifying it.
       * @params {string} captchaVerifyParam
       * The response parameters: The parameter names are fixed. The captchaResult parameter is required. If no business verification is involved, the bizResult parameter is optional.
       * @returns {{captchaResult: boolean, bizResult?: boolean|undefined}} 
       */
      async function captchaVerifyCallback(captchaVerifyParam) {
        // 1. Initiate a business request to the backend server to obtain the CAPTCHA verification result and the business verification result.
        const result = await xxxx('http://The request URL', {
            captchaVerifyParam: captchaVerifyParam, // The verification parameter.
            yourBizParam... // The business parameter.
        });
    
        // 2. Construct standard response parameters.
        const verifyResult = {
          captchaResult: result.captchaVerifyResult, // Required. Indicates whether the CAPTCHA verification is passed. The value is of the BOOLEAN type.
          bizResult: returns the business verification result, // Optional. Indicates whether the business verification is passed. The value is of the BOOLEAN type. If no business verification is involved, the bizResult parameter is left empty.
        };
        return verifyResult;
      }
    
      // The callback function that is used to process the result of the business request.
      function onBizResultCallback(bizResult) {
        if (bizResult === true) {
          // If the business verification is passed, you are navigated to the specified page. In this example, the page https://www.aliyun.com/ is specified.
          window.location.href = 'https://www.aliyun.com/';
        } else {
          // If the business verification fails, an error message appears. In this example, the "The business verification failed." message is specified. 
          alert('The business verification failed. ');
        }
      }
    </script>

    The captchaVerifyCallback function uses the ES6 syntax of JavaScript. If you want to use the ES5 syntax, you must also call the callback function and specify the verification result.

    /**
     * @name captchaVerifyCallback
     * @function
     * @param {String} captchaVerifyParam - The verification parameter that is called back by the CAPTCHA script. You can directly pass this parameter to the business server without modifying it.
     * @param {Function} callback - The callback function that is used to process the verification result. This function is compatible with the ES5 syntax of JavaScript.
     */
    function captchaVerifyCallback(captchaVerifyParam, callback) {
      // 1. Initiate a business request to the backend server to obtain the CAPTCHA verification result and the business verification result.
      requestVerifyResult('http://The request URL', { 
          captchaVerifyParam: captchaVerifyParam, // The verification parameter.
          yourBizParam... // The business parameter.
      }, function(result) {
          // 2. Construct standard response parameters.
          var verifyResult = {
              captchaResult: result.captchaVerifyResult,
              bizResult: result.bizResult,
          };    
          // The callback function. Specify the verification result.
          callback(verifyResult);
      });
    }

If you have questions about how to use Captcha 2.0, submit a ticket to contact technical support.

Parameter description

initAliyunCaptcha

Parameter

Type

Required

Default value

Description

SceneId

String

Yes

No default value

The ID of the verification scenario. You can obtain the ID after you create a verification scenario. For more information, see Step 2: Create a verification scenario.

prefix

String

Yes

No default value

The identity of the Captcha 2.0 instance. You can obtain the ID after you activate Captcha 2.0. For more information, see Step 1: Activate Captcha 2.0.

mode

String

Yes

No default value

The CAPTCHA mode. Valid values:

  • popup: pop-up mode

  • embed: embedded mode

element

String

Yes

captcha-element

The element reserved on the page that is used to render a CAPTCHA. The element is consistent with the reserved page element in the source code.

button

String

Yes

No default value

The element that triggers the pop-up CAPTCHA window. The value is the same as that of the button parameter in the request body of the business client.

captchaVerifyCallback

Function

Yes

captchaVerifyCallback

The callback function that is used to initiate a CAPTCHA verification request for the business request. For more information, see captchaVerifyCallback.

onBizResultCallback

Function

Yes

onBizResultCallback

The callback function for the business request verification result that is used to specify the verification result processing logic.

getInstance

Function

Yes

getInstance

The function that is used to bind the Captcha 2.0 instance, which is implemented in the following fixed format:

function getInstance(instance) {
 captcha = instance;
 }

slideStyle

Object

No

{ width: 360, height: 40 }

The style of the slider CAPTCHA. You can specify the width and height. Unit: pixel.

Important
  • The slider CAPTCHA needs to be dragged to collect enough information for policy model judgement. Therefore, we recommend that you set the minimum value of the width parameter of the slider to 320 pixels. If the value of the width parameter is less than 320 pixels, the system uses the default width of 320 pixels.

  • This parameter is valid only for slider CAPTCHAs and does not apply to puzzle CAPTCHAs. If you use a puzzle CAPTCHA, do not attempt to overwrite CSS code to modify the original style. This is because the image size of a puzzle CAPTCHA and the verification answer are predefined. If you forcibly modify the style by overwriting CSS code, an error may occur in the verification.

language

String

No

cn

The language of the verification code. For more information about the supported languages, see Configure custom text and multi-language settings.

immediate

Boolean

No

false

Specifies whether to immediately call the captchaVerifyCallback function after a user completes security verification and solves an embedded CAPTCHA.

region

String

No

cn

The region to which the Captcha 2.0 instance belongs. Valid values:

  • cn: Chinese mainland

  • sgp: Singapore

Important
  • If the endpoint that is used to integrate Captcha 2.0 does not match the region that is specified by the region parameter, an error message is returned.

  • Control planes are separately configured for Captcha 2.0 in the China (Shanghai) and Singapore regions. The behavior data and device data collected by the client are sent to the corresponding control plane for processing based on the callback parameters that you specify. This achieves security verification.

timeout

Number

No

10000

The timeout period for a single request to initialize a CAPTCHA.

captchaVerifyCallback

  • Request parameters

    Parameter

    Type

    Required

    Default value

    Description

    captchaVerifyParam

    String

    Yes

    captchaVerifyParam

    The CAPTCHA parameter. The parameter is a verification parameter that is called back by the CAPTCHA script. Directly pass this parameter to the business server instead of modifying it.

  • Response parameters

    Parameter

    Type

    Default value

    Description

    captchaResult

    Boolean

    No default value

    Indicates whether the CAPTCHA verification is passed.

    bizResult

    Boolean

    No default value

    Indicates whether the business verification is passed. If no business verification scenario is involved, the bizResult parameter is optional.

Error codes of the initialization operation

The initialization operation of CAPTCHA 2.0 refers to the request for obtaining CAPTCHA 2.0 resources with user identities. The domain name in the request is xxxxx.captcha-open.aliyuncs.com. In the domain name, xxxxx specifies the user identity. For more information about how to obtain user identities, see Step 1: Activate CAPTCHA 2.0. The following figure shows the resulrts returned after the initialization request is successful.

image.png

If the initialization request fails, the following error codes and corresponding suggestions are provided.

HTTP status code

Error code

Cause and suggestion

400

IllegalUserTag

The prefix parameter is invalid. Check whether this parameter is valid based on Step 1: Activate CAPTCHA 2.0.

400

IllegalScene

The SceneId parameter is invalid. Check whether this parameter is valid and make sure that the scenario is created by using the account associated with a user identify. The user identity is specified by the prefix parameter.

403

Forbidden.AccountAccessDenied

Your account has overdue payments. Check whether the account can be used as expected.

Download client integration demos