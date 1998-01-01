Ce contenu n’est pas encore disponible dans votre langue.
Server Integration
For seamless backend integration, we provide official ALTCHA libraries for various programming languages and environments.
We recommend using ALTCHA Sentinel for verification as it offers robust protection and enhanced security.
Libraries
Verification
After the widget verifies the user, you must cryptographically verify the ALTCHA payload submitted by the widget on your server. The payload is a Base64-encoded JSON string, typically submitted as a form field named
altcha (this can be customized using the
name attribute in the widget).
This verification usually occurs in your form submission handler (e.g.,
POST /submit endpoint) where the form data is processed.
The verification is entirely cryptographic, requiring no API calls, making it extremely efficient and fast.
Verifying Sentinel
a) Using the Library
When using the Sentinel server, verify the payload using the
verifyServerSignature function from the Altcha library.
Use the API key secret generated by Sentinel as the HMAC key.
For an overview of the verification flow, refer to the verification diagram.
For supported environments, see Libraries and Plugins. Currently supported environments include TypeScript, Go, Python, Java, Elixir, PHP, and Ruby.
This pattern is consistent across all supported languages. Check the documentation for your specific library for implementation details.
b) Using the HTTP API
If the library is not available in your environment, you can use the
POST /v1/verify/signature endpoint to verify the payload:
The API endpoint is public and does not require authentication.
In addition to the
verified boolean, the response also includes
apiKey and parsed
verificationData. See the API documentation for more details.
The endpoint also includes built-in protection against replay attacks: it will return
verified: true only once, on the first valid call.
Verifying Sentinel
For solutions not using the Sentinel server, utilize the verification functions provided by our libraries. Each library’s documentation contains specific implementation details.
A custom server integration requires implementing a HTTP endpoint to generate new challenges. Configure this endpoint’s address as
challengeurl in the widget.
- View the verification diagram for custom verification
- Review security recommendations for custom implementations
For submission verification, use the
verifySolution function:
Examples
Example server implementations: