1
0
Fork 0
forked from mCaptcha/website
mcaptcha-website/content/docs/terminology/access-token.md

1.2 KiB

title description lead date lastmod draft images menu weight toc
Access token mCaptcha implements leaky bucket algorithm to measure current traffic levels. Cooldown period specifies the leak or the time after which a visitor addition is decremented. 2022-07-22 2022-07-22 20:17 false
docs
parent
Terminology
521 true

When a visitor solves the CAPTCHA and sends their solution to an mCaptcha instance, the solution will be verified for correctness. If the solution is correct, mCaptcha will return a single use access token.

This access token should be attached to the visitor's requited to the protected service and the protected service should validity of the access token with the mCaptcha instance and only allow access to protected resource if the access token is valid.

Validate access token:

curl --location --request POST 'https://mcaptcha.example.net/api/v1/pow/siteverify' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "token": "replace this with the access token presented by visitor",
    "key": "replace this with the sitekey associated with the CAPTCHA"
    "secret": "replace this with mCaptcha account secret, available in settings"
  }'