API Keys
API Keys are used to authorize access to the API and must be included with every request. There are two types of API Keys:
- Free API Keys (starting with ckey_..., where c denotes cryptographic)
- Paid API Keys (starting with key_...)
Free API Keys
Free API Keys can be created at no cost, providing limited access to the API.
Conditions for using Free API Keys:
- Limited to 200 requests per day (per domain)
- Subject to other rate limits
- Attribution required
Generating a Free API Key
Free API Keys are tied to a specific domain name and only function on websites hosted on the provided domain name.
The server will generate a new Free API Key and a secret:
The secret csec_... is used for payload verification (as the HMAC secret) and must remain confidential; never expose it publicly.
Refer to the documentation to learn how to generate a new API Key using the API.
Domain Verification
While optional, domain verification is strongly recommended. Verifying the ownership of your domain name via the DNS TXT record configured with the provided altcha-verification=... value adds an extra layer of security.
Domain verification ensures that your API Key is appropriately associated with the domain name it is intended to work with.
To verify your domain name, follow these steps:
- Access your DNS records management panel.
- Add a TXT record with the following details:
  - Record Type: TXT
  - Host/Name: @ (or your domain name)
  - Value/Text: altcha-verification=abc... (replace abc... with your unique verification token obtained when you generated the API Key)
- Save the changes.
Once the DNS record is successfully added and propagated, the domain ownership will be verified. This ensures the secure usage of your API Key with the specified domain name.
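To confirm that the TXT record from the steps above is actually visible in DNS, the published answers can be checked locally. This is an added example, not ALTCHA's code or its verification logic; the function names, sample records and token values are constructed, and it assumes the record sits at the domain apex.

```python
import re
import subprocess
import sys

PREFIX = "altcha-verification="  # TXT value prefix given on this page


def _unescape(chunk: str) -> str:
    # Zone-file escapes: \DDD is a decimal byte value, \X is a literal X.
    return re.sub(r"\\(\d{3}|.)",
                  lambda m: chr(int(m[1])) if len(m[1]) == 3 else m[1], chunk)


def join_txt_strings(presentation: str) -> str:
    """Rebuild one TXT value from its presentation form.

    A record may be stored as several quoted strings ("abc" "def");
    they are concatenated with no separator.
    """
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', presentation)
    if not chunks:  # value printed without quotes
        return presentation.strip()
    return "".join(_unescape(c) for c in chunks)


def verification_tokens(txt_records):
    """Return every token published under the altcha-verification= prefix."""
    values = (join_txt_strings(r) for r in txt_records)
    return [v[len(PREFIX):] for v in values if v.startswith(PREFIX)]


def is_published(txt_records, expected_token: str) -> bool:
    """True only if a record carries exactly the expected token."""
    return expected_token in verification_tokens(txt_records)


# Constructed sample, in the form `dig +short TXT <domain>` prints records.
SAMPLE = [
    '"v=spf1 include:_spf.example.net ~all"',
    '"altcha-verification=" "EXAMPLETOKEN123"',  # one record, two strings
    '"altcha-verification=STALETOKEN999"',       # left over from an old key
]

if __name__ == "__main__":
    # Live check: python check_txt.py <domain> <token> (needs dig + network)
    domain, token = sys.argv[1], sys.argv[2]
    out = subprocess.run(["dig", "+short", "TXT", domain],
                         capture_output=True, text=True, check=True).stdout
    print("published" if is_published(out.splitlines(), token) else "missing")
```

A stale altcha-verification= record from a previous key shows up in verification_tokens() alongside the current one, which is a cue to remove it from the zone.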
Attribution for Free API Keys
When using the Free API Key, you MUST display “Protected by ALTCHA” along with the logo in the widget (i.e., do not use hidelogo or hidefooter). If you’re not using the widget, you MUST include an attribution in the footer of your website, at least on the homepage:
You may translate or modify the text, but it must convey a similar meaning to “Protected by ALTCHA”. The link must direct to https://altcha.org and should not include rel="nofollow".
Paid API Keys
Paid plans for the API are available in the Forms application.
For pricing, refer to the Forms pricing page. All SaaS plans grant access to both the Spam Filter API and Forms. Alternatively, you can opt for AntiSpam Only plans, which offer API access without Forms.
To obtain paid API access, follow these steps:
- Register for a new account on ALTCHA Forms at eu.altcha.org for EU customers, or us.altcha.org for US customers.
- Within the application, navigate to Account Settings -> Billing and select your desired plan.
- Complete the checkout process.
- Generate a new API Key within Account Settings -> API Keys.