After you integrate CAPTCHA 2.0 into a business client, you must integrate CAPTCHA 2.0 into a business server, and then call the VerifyIntelligentCaptcha operation on the business server to initiate a verification request. This topic describes how to call the VerifyIntelligentCaptcha operation.
Prerequisites
An AccessKey pair is created. For more information, see Create an AccessKey pair.
Do not use the AccessKey pair of your Alibaba Cloud account. If the AccessKey pair of your Alibaba Cloud account is leaked, the resources that belong to the account are exposed to potential risks. Use the AccessKey pair of a RAM user instead to reduce the risks of AccessKey pair leaks. To use CAPTCHA 2.0 as a RAM user, you must attach the AliyunYundunAFSFullAccess policy to the RAM user.
Download and install the SDK
Go to the Alibaba Cloud CAPTCHA 2.0 Sample Code Center page of OpenAPI Explorer and download the CAPTCHA 2.0 server SDK package of the required programming language based on the development environment of your business server.
CAPTCHA 2.0 provides server SDKs for Java, TypeScript, Go, PHP, Python, C#, and Darabonba.
Decompress the SDK package and load it to your business server project.
Call the VerifyIntelligentCaptcha operation
If you have questions when you call the operation, submit a ticket to contact technical support.
Initiate a verification request
Operation: VerifyIntelligentCaptcha
Endpoint: captcha.ap-southeast-1.aliyuncs.com
NoteIf your server resides in the Chinese mainland, the endpoint is captcha.cn-shanghai.aliyuncs.com.
Request method: POST
Transfer protocol: HTTPS
Description: After you integrate CAPTCHA 2.0 into a business client, call this operation on the business server to initiate a verification request.
Request parameters
Parameter | Type | Required | Description | Example |
CaptchaVerifyParam | String | Yes | The verification parameters that are returned by the CAPTCHA script in callback mode. Pass all parameters that are obtained from the business client to the business server. Warning Do not modify the verification parameters. Otherwise, a service error occurs. | {"sceneId":"xxxxxx","certifyId":"xxxxxx","deviceToken":"xxxxxxx==","data":"xxxxxx==","..."} |
SceneId | String | No | The scenario ID of the verification request. We recommend that you specify this parameter. This prevents the verification request in this scenario from being confused with that in other scenarios. | Udw***d72 |
Response parameters
Parameter | Type | Description | |||
HTTP Status Code | Integer | The HTTP status code. For more information, see the following table. | |||
HTTP Body | RequestId | String | The request ID. | ||
Success | Boolean | Indicates whether the request was successful. Valid values:
| |||
Code | String | The response code. For more information, see the following table. | |||
Message | String | The returned message. For more information, see the following table. | |||
Result | VerifyResult | Boolean | Indicates whether the verification was passed. Valid values:
| ||
VerifyCode | String | T001 | The verification is passed. | ||
T005 | The test mode is enabled in the console, and the configuration is verified. If you have any questions, log on to the CAPTCHA 2.0 console to view the policy configuration in the corresponding scenario. For more information, see Step 2: Create a verification scenario. | ||||
F001 | The request may be an attack request and fails the verification of the risk policy. If you have questions, submit a ticket. | ||||
F002 | The | ||||
F003 | The value that you specify for the | ||||
F004 | The test mode is enabled in the console, and the configuration is verified. If you have any questions, log on to the CAPTCHA 2.0 console to view the policy configuration in the corresponding scenario. For more information, see Step 2: Create a verification scenario. | ||||
F005 | The scenario ID specified by the sceneId field of the CaptchaVerifyParam parameter is invalid. The CaptchaVerifyParam parameter is automatically obtained by the frontend and passed to your server. The server directly passes the parameter to Alibaba Cloud without making any changes. Check your integration code by referring to Integrate CAPTCHA 2.0 into a business server. | ||||
F006 | The scenario ID specified by the sceneId field of the | ||||
F007 | If the interval between the verification request and the initialization request exceeds 20 minutes, initiate the initialization request again. | ||||
F008 | The verification data already exists. The verification code request can be submitted only once. | ||||
F009 | A virtual device environment is detected. Check whether simulated devices are used. Simulated devices include virtual machines such as VMware, VirtualBox, Hyper-V, Parallels, simulators such as AVD, BlueStacks, VirtualBox, and Hyper-V, and mobile browser simulators. If you do not need to block the request, log on to the CAPTCHA 2.0 console and disable the request on the Custom Policy page. For more information, see Configure a custom policy. | ||||
F010 | The number of requests from the same IP address exceeds the limit. To create a custom frequency threshold, log on to the CAPTCHA 2.0 console and configure a custom policy. For more information, see Configure a custom policy. | ||||
F011 | The number of requests from the same device exceeds the limit. To create a custom frequency threshold, log on to the CAPTCHA 2.0 console and configure a custom policy. For more information, see Configure a custom policy. | ||||
F012 | The value of the sceneID field that you specify during the configuration of server parameters must be consistent with the value of the sceneId parameter that is specified during the frontend configuration. | ||||
F013 | The | ||||
F014 | The initialization record cannot be queried. You must initiate a client initialization request before you can initiate a verification request. | ||||
F015 | The verification interaction is not passed. For example, the puzzle does not slide to the proper position, and the answers to spatial reasoning questions are wrong. You can refresh the verification code to complete the interaction again. | ||||
F016 | If URL verification does not pass the custom policy, log on to the CAPTCHA 2.0 console to modify the URL verification policy. For more information, see Configure a custom policy. | ||||
F017 | The request may be an attack request. The protocols or parameters are abnormal. | ||||
The following table describes the HTTP Status Code, Code, and Message parameters.
HTTP Status Code | Code | Message |
200 | Success | The request was successful. |
400 | MissingParameter | One or more required parameters are not specified. |
401 | InvalidParameter | One or more specified parameters are invalid. |
403 | Forbidden.AccountAccessDenied | You do not have the required permissions. The service may not be activated, or your account may have overdue payments. |
403 | Forbidden.RAMUserAccessDenied | The RAM user does not have the required permissions. Attach the AliyunYundunAFSFullAccess policy to the RAM user. For more information, see Grant permissions to a RAM role. |
500 | InternalError | An internal error has occurred. Try again later. If the error persists, submit a ticket to contact technical support. |