Validating CAPTCHA challenge secret
From ePrize Developers Wiki
(Difference between revisions)
(New page: <pre>Request representation: secret: {secret} Response: 200 OK Response if CAPTCHA challenge secret is not correct: 403 Forbidden Response if CAPTCHA validation has already been attempt...) |
|||
| (4 intermediate revisions not shown.) | |||
| Line 1: | Line 1: | ||
| + | This is not a resource itself, but validation of a CAPTCHA challenge takes place as a side-effect of creating a profile if the [[API Key|API key]] is marked as requiring CAPTCHA validation. For these [[API Key|API keys]], the client must send CAPTCHA challenge/response information in the request headers of the API call. | ||
| + | |||
| + | For full information please see [[Create_profile|create profile]]. | ||
| + | |||
| + | == Headers == | ||
| + | |||
| + | Both headers must be added to the create profile request for the challenge to be correctly validated. The {secret} is the text embedded in the image fetched via [[Fetch_CAPTCHA_challenge|fetch CAPTCHA challenge]]. | ||
| + | |||
| + | Request header representation (use only the relative captcha location as noted here): | ||
| + | |||
| + | <pre>X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id} | ||
| + | X-CAPTCHA-Response: {secret} | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | |||
| + | <!-- | ||
| + | |||
| + | Not implemented - 4/7/2011 | ||
| + | |||
| + | The CAPTCHA service is intended to be pluggable so that third parties may their standard CAPTCHA solution. ePrize Web Services will support a limited set of CAPTCHA services; an API call needing CAPTCHA will fail if the CAPTCHA challenge is not recognized. | ||
| + | |||
| + | At launch of eWS, only the built-in eWS CAPTCHA service is recognized. | ||
| + | |||
<pre>Request representation: | <pre>Request representation: | ||
secret: {secret} | secret: {secret} | ||
| Line 5: | Line 29: | ||
200 OK | 200 OK | ||
| - | Response if CAPTCHA challenge secret is not correct: | + | Response if CAPTCHA challenge secret is not correct, or if validation has already been attempted: |
403 Forbidden | 403 Forbidden | ||
| - | Response | + | Response if CAPTCHA does not exist: |
404 Not Found | 404 Not Found | ||
</pre> | </pre> | ||
| Line 14: | Line 38: | ||
After a validation request, the CAPTCHA challenge can not be validated again. It may not exist when fetched though clients must not depend on this due to caching. | After a validation request, the CAPTCHA challenge can not be validated again. It may not exist when fetched though clients must not depend on this due to caching. | ||
| - | This API is not intended to be called by the client. It is part of the anti-botting protocol used to protect an API request | + | This API is not intended to be called by the client. It is part of the anti-botting protocol used to protect an API request. |
| - | + | --> | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
Current revision
This is not a resource itself, but validation of a CAPTCHA challenge takes place as a side-effect of creating a profile if the API key is marked as requiring CAPTCHA validation. For these API keys, the client must send CAPTCHA challenge/response information in the request headers of the API call.
For full information please see create profile.
Headers
Both headers must be added to the create profile request for the challenge to be correctly validated. The {secret} is the text embedded in the image fetched via fetch CAPTCHA challenge.
Request header representation (use only the relative captcha location as noted here):
X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id}
X-CAPTCHA-Response: {secret}
