Migrating from hCaptcha

This guide walks you through migrating from hCaptcha to ALTCHA Sentinel, a lightweight and privacy-respecting alternative designed for modern web applications that value user experience and data sovereignty.

Why Switch?

While hCaptcha is often preferred over reCAPTCHA for privacy, it still relies on third-party hosting and manual visual puzzles that can frustrate users. ALTCHA provides a self-hosted, automated challenge that respects user privacy without sacrificing security.

Key Differences

Feature	hCaptcha	ALTCHA Sentinel
User Experience	Visual puzzles, user interaction	Frictionless PoW (Proof-of-Work)
Implementation	Third-party hosted	Self-hosted
Privacy	Shares data with external providers	Zero tracking, privacy-focused
Accessibility	Can present barriers (visual tasks)	Fully WCAG-compliant
Compliance	Requires vendor data evaluation	GDPR, CCPA, HIPAA, LGPD, & PIPL compliant
Verification	Server-to-hCaptcha API call	Fast, local cryptographic verification
Limits	Usage-based tiers	Unlimited usage

---

Implementation Comparison

Previous Implementation (hCaptcha)

Typically, hCaptcha requires an external script and a remote verification POST request.

Frontend: Required an external script from hcaptcha.com and a widget element that often triggered manual image-labeling tasks for users.

Backend: Relied on a remote API call to hcaptcha.com/siteverify to validate the h-captcha-response token using a secret key.

New Implementation (ALTCHA)

ALTCHA integrates directly into your app, keeping the verification process local and fast.

Frontend: Include the package and add the widget to your form.

import "altcha";

<form action="/submit" method="post">
  <altcha-widget
    challenge="https://your-challenge-url">
  </altcha-widget>
  <button type="submit">Submit</button>
</form>

For a deep dive into customization, see the Widget Integration guide.

Backend: Verification is performed locally using your server-side secret, removing the need for an external API round-trip to Google.

TypeScript

Dart

PHP

Go

Python

Java

Ruby

Elixir

Rust

C++

Learn more about validating payloads in the Server Integration guide.

Migration Steps

1. Remove hCaptcha Dependencies

   • Remove the js.hcaptcha.com script and .h-captcha div elements.
   • Delete hCaptcha secret keys from your configuration.

2. Deploy ALTCHA Sentinel

   • Deploy your Sentinel instance or configure your server to generate challenges.

3. Update Frontend

   • Integrate the <altcha-widget> as shown in the Widget Integration guide.

4. Switch to Local Verification

   • Update your form handlers to use the Server Integration libraries instead of the hCaptcha API.

Benefits After Migration

• Ownership: No reliance on third-party service uptime or vendor changes.
• Speed: Instant local verification avoids the latency of external API calls.
• User Retention: Frictionless challenges mean fewer users abandon your forms.

Resources

• Troubleshooting Integration
• Server-Side Libraries
• API Reference