Validating CAPTCHA challenge secret

From ePrize Developers Wiki

Revision as of 15:07, 28 August 2009 by Ken-fox (Talk | contribs)
Jump to: navigation, search
Request representation:
secret: {secret}

Response:
200 OK

Response if CAPTCHA challenge secret is not correct, or if validation has already been attempted:
403 Forbidden

Response if CAPTCHA does not exist:
404 Not Found

After a validation request, the CAPTCHA challenge can not be validated again. It may not exist when fetched though clients must not depend on this due to caching.

This API is not intended to be called by the client. It is part of the anti-botting protocol used to protect an API request. When an {apikey} marks an API call as needing CAPTCHA, the client must send CAPTCHA challenge/response information in the request headers of the API call.

Request header representation: 

X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id}
X-CAPTCHA-Response: {secret}

The CAPTCHA service is intended to be pluggable so that third parties may their standard CAPTCHA solution. ePrize Web Services will support a limited set of CAPTCHA services; an API call needing CAPTCHA will fail if the CAPTCHA challenge is not recognized.

At launch of eWS, only the built-in eWS CAPTCHA service is recognized.

Retrieved from "https://code.helloworld.com/wiki/index.php/Validating_CAPTCHA_challenge_secret"
Personal tools