API Keys

API Keys are used to authorize access to the API and must be included with every request. There are two types of API Keys:

• Free API Keys (starting with ckey_..., where c denotes cryptographic)
• Paid API Keys (starting with key_...)

Free API Keys

Free API Keys can be created at no cost, providing limited access to the API.

Conditions for using Free API Keys:

• Limited to 200 requests per day (per domain)
• Subject to other rate limits
• Attribution required

Generating a Free API Key

Free API Keys are tied to a specific domain name and only function on websites hosted on the provided domain name.

Note

Free API Keys require attribution on your website.

Generate a Free API Key

Invalid response:

Success! Make something awesome!

Download

Your website's domain:

Generate

The server will generate a new Free API Key and a secret:

{
  "hostname": "example.com",
  "apiKey": "ckey_49960de...",
  "secret": "csec_55de16dde79f94...",
  "license": "...",
  "verification": {
    "DNS": {
      "name": "@",
      "type": "TXT",
      "value": "altcha-verification=..."
    }
  }
}

The secret csec_... is used for payload verification (as HMAC secret) and must remain confidential, never exposed publicly.

Refer to the documentation to learn how to generate a new API Key using the API.

Domain Verification

While optional, domain verification is strongly recommended. Verifying the ownership of your domain name via the DNS TXT record configured with the provided altcha-verification=... value adds an extra layer of security.

Domain verification ensures that your API Key is appropriately associated with the domain name it is intended to work with.

To verify your domain name, follow these steps:

1. Access your DNS records management panel.
2. Add a TXT record with the following details:
   • Record Type: TXT
   • Host/Name: @ (or your domain name)
   • Value/Text: altcha-verification=abc... (replace abc... with your unique verification token obtained when you generated the API Key)
3. Save the changes.

Once the DNS record is successfully added and propagated, the domain ownership will be verified. This ensures the secure usage of your API Key with the specified domain name.

Attribution for Free API Keys

When using the Free API Key, you MUST display “Protected by ALTCHA” along with the logo in the widget (i.e., do not use hidelogo or hidefooter). If you’re not using the widget, you MUST include an attribution in the footer of your website, at least on the homepage:

<a href="https://altcha.org">Protected by ALTCHA</a>

You may translate or modify the text, but it must convey a similar meaning to “Protected by ALTCHA”. The link must direct to https://altcha.org and should not include rel="nofollow".

Paid API Keys

Paid API Keys can be created within the app.