Skip to content

API Keys

API Keys are used to authorize access to the API and must be included with every request. There are two types of API Keys:

Free API Keys

Free API Keys can be created at no cost, providing limited access to the API.

Conditions for using Free API Keys:

Generating a Free API Key

Free API Keys are tied to a specific domain name and only function on websites hosted on the provided domain name.

Generate a Free API Key
If you're using a non-standard port number, enter the domain name and port in this format: example.com:3000.

The server will generate a new Free API Key and a secret:

{
"hostname": "example.com",
"apiKey": "ckey_49960de...",
"secret": "csec_55de16dde79f94...",
"license": "...",
"verification": {
"DNS": {
"name": "@",
"type": "TXT",
"value": "altcha-verification=..."
}
}
}

The secret csec_... is used for payload verification (as HMAC secret) and must remain confidential, never exposed publicly.

Refer to the documentation to learn how to generate a new API Key using the API.

Domain Verification

While optional, domain verification is strongly recommended. Verifying the ownership of your domain name via the DNS TXT record configured with the provided altcha-verification=... value adds an extra layer of security.

Domain verification ensures that your API Key is appropriately associated with the domain name it is intended to work with.

To verify your domain name, follow these steps:

  1. Access your DNS records management panel.
  2. Add a TXT record with the following details:
    • Record Type: TXT
    • Host/Name: @ (or your domain name)
    • Value/Text: altcha-verification=abc... (replace abc... with your unique verification token obtained when you generated the API Key)
  3. Save the changes.

Once the DNS record is successfully added and propagated, the domain ownership will be verified. This ensures the secure usage of your API Key with the specified domain name.

Attribution for Free API Keys

When using the Free API Key, you MUST display “Protected by ALTCHA” along with the logo in the widget (i.e., do not use hidelogo or hidefooter). If you’re not using the widget, you MUST include an attribution in the footer of your website, at least on the homepage:

<a href="https://altcha.org">Protected by ALTCHA</a>

You may translate or modify the text, but it must convey a similar meaning to “Protected by ALTCHA”. The link must direct to https://altcha.org and should not include rel="nofollow".

Paid plans for the API are available in the Forms application.

For pricing, refer to the Forms pricing page. All SaaS plans grant access to both the Spam Filter API and Forms. Alternatively, you can opt for AntiSpam Only plans, which offer API access without Forms.

To obtain paid API access, follow these steps:

  1. Register for a new account on ALTCHA Forms at eu.altcha.org for EU customers, or us.altcha.org for US customers.
  2. Within the application, navigate to Account Settings -> Billing and select your desired plan.
  3. Complete the checkout process.
  4. Generate a new API Key within Account Settings -> API Keys.