Validation process

  1. Create a VAPTCHA unit and obtain VID and Key. Click create.
  2. Deploy https://v-cn.vaptcha.com/v-na.js to your page.
  3. Initialize the VAPTCHA SDK on your page. WEB.
  4. After completing the VAPTCHA test, the user gets the token and submits it to your server together with the form data.
  5. After the server gets the token, verify the validity of the token through our verification interface. Confirm validation.

Web side deployment

Configuration and interface documentation required for web client to deploy vaptcha.


Compatible with IE8+ (IE8 and above), Chrome, Firefox, Safari, Opera, mainstream mobile browsers, and embedded WebView on iOS and Android.


  1. Preparation: Create the VAPTCHA unit and obtain the VID.

  2. Deploy SDK:

    Select the nearest resource, or download v3.js and host it locally.

  3. Initialize VAPTCHA

    Load animation Preview:


Complete instance

  • Click Mode:

  • Invisible Mode:

    Important: execute the initialization function when the page is loaded, and trigger the validate() method through the button. Do not execute the initialization function in the click event of the button; otherwise verification will fail on mobile devices.

  • Embedded Mode:


Common parameters

Required parameters

vid | string | VAPTCHA unit VID
type | string | Optional values: click, invisible, embedded
scene | int | Scenario of initiating verification request. Default value: 0

Optional parameters

lang | string | auto | Available values: auto, zh-CN, en, zh-TW, jp
https | Bool | true | Protocol type, check if it is https
area | string | cn | VAPTCHA node area. The default value is auto. The optional values are auto, sea, Na, CN

Type parameter

Applicable mode | Parameter | Type | Required | Default | Description
--- | --- | --- | --- | --- | ---
Click mode | container | Element / selector | Yes | None |
Click mode | style | string | Optional | dark | Button style: dark, light
Click mode | color | string | Optional | #57ABFF | Button color
Embedded mode | guide | Bool | Optional | Bool | Whether to display the operation prompt text at the bottom of the picture; displayed by default

API method


For Click Mode only. Perform the initialization operation and insert the button or picture into the container in the configuration parameters. The sample code is as follows:


For monitoring verification events. The supported events are as follows:

  • pass event, triggered when verification is passed

  • close event, triggered when the verification pop-up window is closed


For Invisible mode only. The developer decides when to call this method for verification, such as calling this method when the form is submitted.

Usage: After the VAPTCHA instance has been initialized, the user clicks the login button to execute the validate() method and perform the verification. When the verification succeeds, the pass event is triggered.


The token is valid for 3 minutes, after which the interface returns an empty value. It is recommended that users tell whether the VAPTCHA verification has passed based on whether the token is empty.

For all modes; this is the recommended interface for obtaining verification results. It returns server and token. Since the token can only be used once, the token will be empty after the getServerToken interface has been called to obtain it.

Recommended usage:


If you initiate a request by submitting the form directly, it is recommended to use this function to add the server and token values to the form.

This function adds two input tags named vaptcha_server and vaptcha_token to the form, as follows:

The function receives one parameter: the container in which to store the input tags. The default value is the container set in the parameter configuration; the parameter is required when using the invisible mode. The input tags will be added to the configured container, and the parameter type is selector or Element.

Sample code:


For all modes. VAPTCHA reset operation, for example, it can be called when login fails.

Sample code:

iOS-HTML5 deployment

  1. In the .h file of your iOS app project, import the framework's dependent libraries. If compatibility issues occur when using third-party components, use the native webview component.
  2. Add a webview where human-machine verification is required, and set the webview to be invisible.
  3. Add the JS messageHandler in the userContentController property of the webView configuration; its name is "signal".
  4. When needed, display the webview, load the business page, and configure the parameters vid, lang according to the format
  5. Obtain verification data through the WKScriptMessageHandler protocol callback method:
  6. The body attribute of the above message is a string. The string carries information such as whether the verification passed. The follow-up handling for user verification pass, fail or cancel must be implemented here. The specific fields are:


  1. Set the network connection permissions in the configuration file AndroidManifest.xml.
  2. Add a webview to the layout file (where VAPTCHA is required), set the webview to hidden (android:visibility="invisible"), and set it to visible when in use.
  3. Set WebView in the activity file.
  4. First call setVaptcha() to set the webview, and then call the following methods where VAPTCHA is required.

Display the webview, load the business logic page, and configure the parameters vid, lang according to the format.

  5. Set the webview to transparent and turn off hardware acceleration.
  6. When building the bridge that lets JavaScript call the Java interface, the parameter name passed is fixed as vaptchaInterface.

A method with the fixed name (signal) needs to be implemented in the interface. Its string parameter carries information such as whether the verification passed and whether the user clicked close. The follow-up handling for user verification pass, fail or cancel must be implemented here. The specific fields are:





Back end deployment

Confirm validation

Description of the server-side verification interface and its returned results. Server-side SDK address: https://github.com/vaptcha

Request data

Request URL: the server value obtained after successful front-end verification, such as https://*.vaptcha.net/verify.

Note: please add *.vaptcha.com and *.vaptcha.net to server whitelists.

id | VID of VAPTCHA unit
secretkey | Key of VAPTCHA unit
scene | Scenario ID of VAPTCHA unit, e.g. 0
token | The token obtained by the user after successful front-end verification
ip | Get the user's remote address
userid | Available in the EV only. The user's unique ID, used to associate user verification behavior. There is no need to submit privacy information such as user name and mobile phone number (the maximum length is limited to 50 characters). When the current user's operation is at risk, VAPTCHA will give an immediate alarm. Please handle it in combination with score and msg.

Response results

Returns a JSON string

When the verification score is low or there are some points deducted, the webmaster can customize the processing strategy, such as allowing the user to verify the mobile phone, email, etc.

Score deduction description

Deduction item | Description
--- | ---
0 | Verification frequency too high
1 | Device change frequency is too high
2 | Frequent remote login
3 | Cookie is empty
4 | Submit via proxy device and code printing

Note: Multiple deduction items are separated by a comma, such as: 0,1,2,3,4
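
Because the verification URL is the server value submitted by the browser, the back end should check it against the whitelisted domains before sending the unit Key to it. The following is an added example, not code from VAPTCHA or its SDKs; the function names, the host 0.vaptcha.net, the placeholder VID/Key and the sample IP are assumptions constructed for illustration, and no network request is made.

```javascript
'use strict';
// Added example, not VAPTCHA SDK code; all function names are hypothetical.

// Host suffixes the page asks you to whitelist for outbound calls.
const ALLOWED_SUFFIXES = ['.vaptcha.com', '.vaptcha.net'];

// Deduction items, copied from the "Score deduction description" table (index = item).
const DEDUCTIONS = [
  'Verification frequency too high',
  'Device change frequency is too high',
  'Frequent remote login',
  'Cookie is empty',
  'Submit via proxy device and code printing',
];

// The verify URL arrives from the browser, so treat it as untrusted input:
// accept only HTTPS, default port, no embedded credentials, whitelisted host.
function trustedVerifyUrl(server) {
  let url;
  try { url = new URL(String(server)); } catch (e) { return null; }
  if (url.protocol !== 'https:' || url.port || url.username || url.password) return null;
  const host = url.hostname.toLowerCase();
  return ALLOWED_SUFFIXES.some((s) => host.endsWith(s)) ? url : null;
}

// Assemble the fields listed under "Request data".
// Returns null (send nothing) when the Key would go to an untrusted URL.
function buildVerifyRequest(form, unit, ip) {
  const url = trustedVerifyUrl(form.vaptcha_server);
  if (!url || !form.vaptcha_token) return null;
  return {
    url: url.href,
    fields: { id: unit.vid, secretkey: unit.key, scene: unit.scene,
              token: form.vaptcha_token, ip },
  };
}

// Turn a deduction string such as "0,3" into readable reasons.
function describeDeductions(items) {
  return String(items).split(',').map((s) => s.trim()).filter(Boolean)
    .map((k) => DEDUCTIONS[Number(k)] || `unknown item ${k}`);
}

// Constructed sample input: placeholder VID/Key and a documentation-range IP.
const unit = { vid: 'VID_PLACEHOLDER', key: 'KEY_PLACEHOLDER', scene: 0 };
const form = { vaptcha_server: 'https://0.vaptcha.net/verify', vaptcha_token: 'sample-token' };
console.log(buildVerifyRequest(form, unit, '203.0.113.7'));
console.log(describeDeductions('0,3'));
```

The same checked URL can be reused for the device interfaces, which append /device to the server value.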


Device validation


Register and verify the user's common devices through VAPTCHA. Up to 5 devices can be registered for each user, on both PC and mobile terminals. It can be used for password-free login, supplementary security verification or other scenarios customized by the webmaster.

Note: the VAPTCHA token used in verification can only be used after Confirm Verification

Device query

Query whether the user device has been registered through the user ID and token, and return the login times and the latest login time.

URL: Append /device to the server parameter obtained after the front-end verification is successful. For example, the front-end server is https://*.vaptcha.net/verify, and the final URL is https://*.vaptcha.net/verify/device.



id | string | Y | Unique ID of the user used to associate the device. There is no need to submit user name, mobile phone number and other privacy information.
token | string | Y | VAPTCHA Token


Device registration

Add up to 5 associated devices for the current user. Whether to register a device can be decided by the webmaster or left to VAPTCHA to judge automatically. It is recommended to register only devices with valid identity verification, such as SMS / email verification.

URL: append /device to the front-end server parameter.



id | string | Y | User ID when registering the device
token | string | Y | VAPTCHA Token
regedit | int | N | 1 registers the current device, and 0 lets VAPTCHA automatically determine whether to register


Exit device

Delete the most recently logged in device of the current user




id | string | Y | User ID when registering the device