Pure HTML + PHP integration demo for CaptchaLa. No frameworks, no build step — drop into any web stack.
Open source under MIT. Copy any file as a starting point for your own integration.
| File | What it does |
|---|---|
index.html |
Standalone HTML demo: 3 widget modes (popup / float / bind) using SDK from CDN |
verify.php |
Sample backend endpoint: validates a token via the CaptchaLa server API |
issue-token.php |
Sample backend endpoint: issues a short-lived server token (anti-replay binding) |
LICENSE |
MIT license — use freely |
- Get a free app key + secret at dash.captcha.la/register (10,000 verifications/month free).
- Open
index.htmlin your editor and replacedemo_appwith yourapp_key. - Open
verify.phpandissue-token.php, replaceYOUR_APP_KEYandYOUR_APP_SECRET. - Drop the files on any web server with PHP.
- Visit the page — all three widget modes work end-to-end.
Browser Your backend CaptchaLa API
│ │ │
│ 1. Page load → init Captchala SDK │ │
│ 2. (optional) GET /issue-token.php ────>│ │
│ │ POST /v1/server-token/issue ──>│
│ <─── short-lived server token ─────────│ <─── token ──────────────────│
│ 3. User interacts → SDK onSuccess(token) │ │
│ 4. POST /verify.php { token, action } ──>│ │
│ │ POST /v1/challenge/verify ───>│
│ │ <─── { valid, risk_score } ──│
│ <─── allow/deny ────────────────────────│ │
The verify.php server-side check is mandatory. Client-side onSuccess is just a UX hint — anyone can fake it from DevTools.
POST https://apiv1.captcha.la/v1/server-token/issue— pre-issue a session-bound token (optional, recommended for high-value flows)POST https://apiv1.captcha.la/v1/challenge/verify— server-side validate the token afteronSuccess
Both endpoints take X-App-Key + X-App-Secret headers. Never expose the secret in browser code.
- Replace demo
app_keywith your own - Move
app_secretto environment variable (not committed to source) - Run
verify.phpover HTTPS only - Add rate limiting to
verify.php(per IP, ~30/min is reasonable) - Log rejected tokens for audit
- Consider issuing server tokens (
issue-token.php) for sign-up / payment flows
- Full docs: captcha.la/en/docs
- Native SDKs (iOS / Android / Flutter): captcha.la/en/docs/sdk
- Pricing: captcha.la/en/pricing
- Support: supply@captcha.la
License: MIT — see LICENSE.