Validating CAPTCHA challenge secret

From ePrize Developers Wiki

Revision as of 13:10, 3 March 2009 by Ken-fox (Talk | contribs)
Jump to: navigation, search
Request representation:
secret: {secret}

Response:
200 OK

Response if CAPTCHA challenge secret is not correct:
403 Forbidden

Response if CAPTCHA validation has already been attempted, or if CAPTCHA does not exist:
404 Not Found

After a validation request, the CAPTCHA challenge can not be validated again. It may not exist when fetched though clients must not depend on this due to caching.

This API is not intended to be called by the client. It is part of the anti-botting protocol used to protect an API request. When an {apikey} marks an API call as needing CAPTCHA, the client must send CAPTCHA challenge/response information in the request headers of the API call.

Request header representation: 

X-CAPTCHA-Challenge: /v1/{apikey}/captcha/{challenge-id}
X-CAPTCHA-Response: {secret}

The CAPTCHA service is intended to be pluggable so that third parties may their standard CAPTCHA solution. ePrize Web Services will support a limited set of CAPTCHA services; an API call needing CAPTCHA will fail if the CAPTCHA challenge is not recognized.

At launch of eWS, only the built-in eWS CAPTCHA service is recognized.

Retrieved from "https://code.helloworld.com/wiki/index.php/Validating_CAPTCHA_challenge_secret"
Personal tools