Validating CAPTCHA challenge secret

From ePrize Developers Wiki

(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
 +
This is not a resource itself, but validation of a CAPTCHA challenge takes place as a side-effect of creating a profile if the [[API Key|API key]] is marked as requiring CAPTCHA validation. For these [[API Key|API keys]], the client must send CAPTCHA challenge/response information in the request headers of the API call.
 +
 +
For full information please see [[Create_profile|create profile]].
 +
 +
== Headers ==
 +
 +
Both headers must be added to the create profile request for the challenge to be correctly validated.
 +
 +
Request header representation:
 +
 +
<pre>X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id}
 +
X-CAPTCHA-Response: {secret}
 +
</pre>
 +
 +
 +
 +
<!--
 +
 +
Not implemented - 4/7/2011
 +
 +
The CAPTCHA service is intended to be pluggable so that third parties may their standard CAPTCHA solution. ePrize Web Services will support a limited set of CAPTCHA services; an API call needing CAPTCHA will fail if the CAPTCHA challenge is not recognized.
 +
 +
At launch of eWS, only the built-in eWS CAPTCHA service is recognized.
 +
<pre>Request representation:
<pre>Request representation:
secret: {secret}
secret: {secret}
Line 14: Line 38:
After a validation request, the CAPTCHA challenge can not be validated again. It may not exist when fetched though clients must not depend on this due to caching.
After a validation request, the CAPTCHA challenge can not be validated again. It may not exist when fetched though clients must not depend on this due to caching.
-
This API is not intended to be called by the client. It is part of the anti-botting protocol used to protect an API request. When an {apikey} marks an API call as needing CAPTCHA, the client must send CAPTCHA challenge/response information in the request headers of the API call.
+
This API is not intended to be called by the client. It is part of the anti-botting protocol used to protect an API request.
-
Request header representation:
+
-->
-
 
+
-
<pre>X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id}
+
-
X-CAPTCHA-Response: {secret}
+
-
</pre>
+
-
 
+
-
The CAPTCHA service is intended to be pluggable so that third parties may their standard CAPTCHA solution. ePrize Web Services will support a limited set of CAPTCHA services; an API call needing CAPTCHA will fail if the CAPTCHA challenge is not recognized.
+
-
 
+
-
At launch of eWS, only the built-in eWS CAPTCHA service is recognized.
+

Revision as of 20:37, 7 April 2011

This is not a resource itself, but validation of a CAPTCHA challenge takes place as a side-effect of creating a profile if the API key is marked as requiring CAPTCHA validation. For these API keys, the client must send CAPTCHA challenge/response information in the request headers of the API call.

For full information please see create profile.

Headers

Both headers must be added to the create profile request for the challenge to be correctly validated.

Request header representation: 

X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id}
X-CAPTCHA-Response: {secret}



Retrieved from "https://code.helloworld.com/wiki/index.php/Validating_CAPTCHA_challenge_secret"
Personal tools