Validation process

  1. Create a VAPTCHA unit and obtain the VID and Key. Click create.
  2. Deploy https://v-cn.vaptcha.com/v3.js to your page.
  3. Initialize the VAPTCHA SDK on your page. Web
  4. After completing the VAPTCHA test, the user gets the token, and submits it to your server together with the form data.
  5. After the server gets the token, verify the validity of the token through our verification interface. Confirm validation.

Web side deployment

Configuration and interface documentation required for web client to deploy vaptcha.


Compatible with IE8+ (IE8 and above), Chrome, Firefox, Safari, Opera, mainstream mobile browsers, and embedded WebViews on iOS and Android.


  1. Preparation: Create the VAPTCHA unit and obtain the VID.

  2. Deploy SDK:

Complete instance

Click Mode:




Invisible Mode:

Important: execute the initialization function when the page is loaded and trigger the validate() method through the button. Do not execute the initialization function in the click event of the button, otherwise verification will fail on mobile devices.

Embedded Mode:




Common parameters

Required parameters

| Parameter | Type | Description |
|---|---|---|
| vid | string | VAPTCHA unit VID |
| mode | string | Optional values: click, invisible, embedded |
| scene | int | Scenario of the verification request. Default value: 0 |

Optional parameters

| Parameter | Type | Default | Description |
|---|---|---|---|
| lang | string | auto | Available values: auto, zh-CN, en, zh-TW, jp |
| area | string | cn | VAPTCHA node area. The default value is auto. The optional values are auto, sea, Na, CN |

Type parameter

| Applicable mode | Parameter | Type | Required | Default | Description |
|---|---|---|---|---|---|
| Click mode, Embedded mode | container | string or HTMLElement | Y | None | None |
| Click mode | style | string | N | dark | Button style: dark, light |
| Click mode | color | string | N | #57ABFF | Button color |
| Embedded mode | guide | bool | N | false | Whether to display the operation prompt text at the bottom of the picture; not displayed by default |

API method


For Click Mode only. Perform the initialization operation and insert the button or picture into the container in the configuration parameters. The sample code is as follows:


For monitoring verification events. The supported events are as follows:

  • pass event, triggered when verification is passed

  • close event, triggered when the verification pop-up window is closed

  • For Invisible mode only. The developer decides when to call this method for verification, such as calling this method when the form is submitted.
  • Usage: After the initialization of the VAPTCHA instance, the user clicks the login button to execute the validate() method to perform the verification. When the verification succeeds, the verification pass event is triggered.

  • The token is valid for 3 minutes, after which the interface returns an empty value. It is recommended to judge whether the VAPTCHA verification has passed based on whether the token is empty.

  • For all modes; this is the recommended interface for obtaining verification results. It returns server and token. Since the token can only be used once, the token will be empty after calling the getServerToken interface to obtain it.

  • Recommended usage:

  • If you initiate a request by submitting the form directly, it is recommended to use this function to add server, token values to the form

  • This function is used to add two input tags named vaptcha_server and vaptcha_token to the form, as follows:

  • The function receives one parameter: the container in which the input tags are stored. The default value is the container from the parameter configuration; the parameter is required when using the invisible mode. The input tags will be added to the configured container, and the parameter type is selector or Element.

  • Sample code:

  • For all modes. VAPTCHA reset operation, for example, it can be called when login fails.
  • Sample code:


iOS-HTML5 deployment

DEMO: https://github.com/vaptcha/VAPTCHA-iOS-v3.git

Notice: Please download the ios.html and v3.js from the folder /www in DEMO and replace with your resource address.

  1. In the .h file of your iOS App project, import the framework's dependent libraries. If compatibility issues occur when using third-party components, please use the native webview component.
  2. Add a webview where human-machine verification is required and set the webview to be invisible.
  3. Add the JS messageHandler in the userContentController property of the webView configuration; the name is "signal".
  4. When needed, display the webview, load the business page and configure the parameters vid and lang according to the format
  5. Obtain verification data through the WKScriptMessageHandler protocol callback method:
  6. The body attribute of the above message is a string. The string shows information such as whether the verification is passed. The follow-up operations for user verification pass, fail or cancel need to be implemented here. The specific fields are:



Android-HTML5 deployment

DEMO: https://github.com/vaptcha/VAPTCHA-Android-v3.git

Notice: Please download the android.html and v3.js from the folder /www in DEMO and replace with your resource address.

  1. Set the network connection permissions in the configuration file AndroidManifest.xml.
  2. Add a webview to the layout file (where VAPTCHA is required), set the webview to hidden (android:visibility="invisible"), and set it to visible when in use.
  3. Set the WebView in the activity file.
  4. First call setVaptcha() to set the webview, and then call the following methods where VAPTCHA is required

Display the webview, load the business logic page and configure the parameters vid and lang according to the format.

  5. Set the webview to transparent and turn off hardware acceleration
  6. When building a bridge for JavaScript to call the Java interface, the parameter name passed is fixed as vaptchaInterface

The method with the fixed name (signal) needs to be implemented in the interface. Its string parameter returns information such as whether the verification passed or the user clicked close. The follow-up operations for user verification pass, fail or cancel need to be implemented here. The specific fields are:





VUE2: https://www.vaptcha.com/document/vaptcha-vue-click.html

VUE3: https://www.vaptcha.com/document/vaptcha-vue3.html


Back end deployment

Confirm validation

Description of the server-side verification interface and the results it returns. Server-side SDK: https://github.com/vaptcha

Request data

Request URL: the server value obtained after successful front-end verification, such as https://*.vaptcha.net/verify.

Note: please add *.vaptcha.com and *.vaptcha.net to server whitelists

| Parameter | Description |
|---|---|
| id | VID of VAPTCHA unit |
| secretkey | Key of VAPTCHA unit |
| scene | Scenario ID of VAPTCHA unit, e.g. 0 |
| token | The token obtained by the user after successful front-end verification |
| ip | The user's remote address |

Response results

Returns a JSON string

When the verification score is low or there are some points deducted, the webmaster can customize the processing strategy, such as allowing the user to verify the mobile phone, email, etc.
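
Because the request URL is the server value submitted by the browser and the request carries the unit's secretkey, the back end should check that value before posting to it. The following is an added example, not code from VAPTCHA or its SDKs: it accepts only https hosts under the two whitelisted domains and then builds the request with the fields listed above. The function names, the form-encoded POST body and the sample values in the comments are assumptions of this example.

```python
import re
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Domains named in the whitelist note above.
ALLOWED_SUFFIXES = (".vaptcha.com", ".vaptcha.net")
_HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")
_PATH_RE = re.compile(r"/[A-Za-z0-9/_.-]*")


def checked_verify_url(server: str) -> str:
    """Return a normalised verify URL, or raise ValueError.

    `server` arrives from the browser, so it is untrusted input.
    """
    parts = urlsplit(server.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("verify URL must use https")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("credentials or custom port not allowed")
    if not _HOST_RE.fullmatch(host) or not host.endswith(ALLOWED_SUFFIXES):
        raise ValueError("host is not under *.vaptcha.com or *.vaptcha.net")
    if parts.query or parts.fragment or not _PATH_RE.fullmatch(parts.path):
        raise ValueError("unexpected path, query or fragment")
    # Rebuild from parsed parts so no unparsed text reaches the HTTP client.
    return f"https://{host}{parts.path}"


def build_verify_request(server, token, client_ip, vid, secret_key, scene=0):
    """Build (but do not send) the verification request.

    Assumption: form-encoded POST; the page does not state the encoding.
    """
    if not token:
        raise ValueError("empty token: front-end verification did not pass")
    fields = {
        "id": vid,                # VID of the VAPTCHA unit
        "secretkey": secret_key,  # must never be sent to an unchecked host
        "scene": scene,
        "token": token,
        "ip": client_ip,          # the user's remote address
    }
    url = checked_verify_url(server)
    return Request(url, data=urlencode(fields).encode(), method="POST")

# Constructed usage: build_verify_request("https://0.vaptcha.net/verify",
#     "sample-token", "203.0.113.7", "VID-PLACEHOLDER", "KEY-PLACEHOLDER")
```

Pass the returned Request to urllib.request.urlopen with a timeout, and treat any ValueError as a failed verification.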


Device validation


Register and verify the user's common devices through VAPTCHA. Up to 5 devices can be registered for each user, on both PC and mobile. It can be used for password-free login, supplementary security verification or other scenarios customized by the webmaster.

Note: the VAPTCHA token used in verification can only be used after Confirm Verification

Device query

Query whether the user device has been registered through the user ID and token, and return the login times and the latest login time.

URL: Append /device to the server parameter obtained after the front-end verification is successful. For example, if the front-end server is https://*.vaptcha.net/verify, the final URL is https://*.vaptcha.net/verify/device.



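| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | Y | Unique user ID, used to associate devices; there is no need to submit private information such as the user name or mobile phone number. |
| token | string | Y | VAPTCHA Token |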


Device registration

Add up to 5 associated devices for the current user. Whether to register a device can be decided by the webmaster or left to VAPTCHA to judge automatically. It is recommended to register only devices with valid identity verification, such as SMS / email verification.

URL: append /device to the front-end server parameter.



| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | Y | The user ID of the user who registered the device on your website/APP. |
| token | string | Y | VAPTCHA Token |
| regedit | int | N | 1 registers the current device; 0 lets VAPTCHA automatically determine whether to register |


Exit device

Delete the most recently logged in device of the current user




| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | Y | The user ID of the user who registered the device on your website/APP. |


Inquiry devices

Get the list of devices that the user has logged in

HTTP URL: https://user.vaptcha.com/api/v1/device

Request parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | Y | The user ID of the user who registered the device on your website/APP. |