nonstress CAPTCHA
Easy to use, and so secure Anti-Bot serviceCopied!
There’re no stresses for visitors and developers, let give the stresses for bad bots!
Demo Website: https://hamutan86.pythonanywhere.com/nonstress/demo
UsageCopied!
You just have to add these tags in your page:
<script src="https://hamutan86.pythonanywhere.com/nonstress/nonstress.js" async defer></script>
It will automatically create a CAPTCHA token when the visitor open or refresh the page. And It’s completely invisible, doesn’t give stresses for visitors.
You can fetch the CAPTCHA token with:
nonstress.getToken();
or, you can still use the legacy way:
document.querySelector('input[type="nonstress"]').value;
when CAPTCHA challenge is incomplete, it will return just ““. (empty str)
if somehow CAPTCHA challenge failed, it will return “Failed“.
If you got a string like “rsiohabadxbfkvfk.PcOgasOdV8K1RcKnPcK…”, it is the CAPTCHA token.
You have to send the CAPTCHA token to the server-side.
In server-side, you can validate CAPTCHA token with:
POST https://hamutan86.pythonanywhere.com/nonstress/validate
{
"token": "CAPTCHA token that received from client-side"
}
If token is valid, the API returns like:
{
"error": "",
"pass": true,
"risk_rate": "clean|low|medium|high|bot(pass:false)", # human usually gets clean or low
"visitor_data": {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64...",
"ip": "8e550c45b5c5fe8f00c781033c..." # hashed with sha-256 for privacy
}
}
visitor’s ip is hashed with sha-256 for privacy (it isn’t salted so you can still use it for validation). you can use visitor_data for validate that is the person completed CAPTCHA and the person requested to your server are same.
or if token is not valid, the API returns like:
{"error":"token doesn't exist","pass":false}
{"error":"expired token","pass":false} # token will expire on 5 minutes