2022-05-07 20:08:51 +05:30
---
2023-03-17 16:20:25 +05:30
stage: Data Science
group: Anti-Abuse
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2022-05-07 20:08:51 +05:30
---
# Spam protection and CAPTCHA
This guide provides an overview of how to add spam protection and CAPTCHA support to new areas of the
GitLab application.
## Add spam protection and CAPTCHA support to a new area
To add this support, you must implement the following areas as applicable:
1. [Model and Services ](model_and_services.md ): The basic prerequisite
changes to the backend code which are required to add spam or CAPTCHA API and UI support
for a feature which does not yet have support.
2022-06-21 17:19:12 +05:30
1. [REST API ](rest_api.md ): The changes needed to add
2022-05-07 20:08:51 +05:30
spam or CAPTCHA support to Grape REST API endpoints. Refer to the related
2023-04-23 21:23:45 +05:30
[REST API documentation ](../../api/rest/index.md#resolve-requests-detected-as-spam ).
2022-05-07 20:08:51 +05:30
1. [GraphQL API ](graphql_api.md ): The changes needed to add spam or CAPTCHA support to GraphQL
mutations. Refer to the related
[GraphQL API documentation ](../../api/graphql/index.md#resolve-mutations-detected-as-spam ).
1. [Web UI ](web_ui.md ): The various possible scenarios encountered when adding
spam/CAPTCHA support to the web UI, depending on whether the UI is JavaScript API-based (Vue or
plain JavaScript) or HTML-form (HAML) based.
You should also perform manual exploratory testing of the new feature. Refer to
[Exploratory testing ](exploratory_testing.md ) for more information.
## Spam-related model and API fields
Multiple levels of spam flagging determine how spam is handled. These levels are referenced in
[`Spam::SpamConstants` ](https://gitlab.com/gitlab-org/gitlab/blob/master/app/services/spam/spam_constants.rb#L4-4 ),
and used various places in the application, such as
[`Spam::SpamActionService#perform_spam_service_check` ](https://gitlab.com/gitlab-org/gitlab/blob/d7585b56c9e7dc69414af306d82906e28befe7da/app/services/spam/spam_action_service.rb#L61-61 ).
The possible values include:
- `BLOCK_USER`
- `DISALLOW`
- `CONDITIONAL_ALLOW`
- `OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM`
- `ALLOW`
- `NOOP`
## Related topics
- [Spam and CAPTCHA support in the GraphQL API ](../../api/graphql/index.md#resolve-mutations-detected-as-spam )
2023-04-23 21:23:45 +05:30
- [Spam and CAPTCHA support in the REST API ](../../api/rest/index.md#resolve-requests-detected-as-spam )
2022-05-07 20:08:51 +05:30
- [reCAPTCHA Spam and Anti-bot Protection ](../../integration/recaptcha.md )
- [Akismet and Spam Logs ](../../integration/akismet.md )