Validating CAPTCHA challenge secret
From ePrize Developers Wiki
Ken-fox (Talk | contribs)
(New page: <pre>Request representation: secret: {secret} Response: 200 OK Response if CAPTCHA challenge secret is not correct: 403 Forbidden Response if CAPTCHA validation has already been attempt...)
Next diff →
Revision as of 13:13, 2 March 2009
Request representation:
secret: {secret}
Response:
200 OK
Response if CAPTCHA challenge secret is not correct:
403 Forbidden
Response if CAPTCHA validation has already been attempted, or if CAPTCHA does not exist:
404 Not Found
After a validation request, the CAPTCHA challenge can not be validated again. It may not exist when fetched though clients must not depend on this due to caching.
This API is not intended to be called by the client. It is part of the anti-botting protocol used to protect an API request. When an {apikey} marks an API call as needing CAPTCHA, the client must send CAPTCHA challenge/response information in the request headers of the API call.
Request header representation: X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id} X-CAPTCHA-Response: {secret}
The CAPTCHA service is intended to be pluggable so that third parties may their standard CAPTCHA solution. ePrize Web Services will support a limited set of CAPTCHA services; an API call needing CAPTCHA will fail if the CAPTCHA challenge is not recognized.
At launch of eWS, only the built-in eWS CAPTCHA service is recognized.
