authorize( )

Developer Preview

This API is subject to change. Bug fixes and new features will be released based on developer feedback throughout the preview period.

Authorizes the CAPTCHA token.

Following CAPTCHA verification on the client side, you must authorize the generated CAPTCHA token in the backend.

authorize() checks if the token is valid, making sure it was not tampered with or timed out.

The authorize() function returns a Promise that resolves to a Success object when the token is authorized and to an Error object when authorization fails.

To understand how authorize() is used in a typical CAPTCHA validation lifecycle, click here.

If CAPTCHA token authorization fails, an error message containing a status code is returned. The following table lists the possible HTTP error status codes, based on RFC 2616:

Status CodeNameDescription
400Bad RequestThe request could not be understood by the server. This could occur for a number of reasons, such as:
  • The request was sent without a token.
  • The token is invalid.
  • The token has timed out.
401UnauthenticatedNo user identity found in passed request.
500Internal Server ErrorThe server encountered an unexpected condition, such as a missing or invalid private CAPTCHA key.
503UnavailableThe service is unavailable due to one of the following:
  • Throttled error: Server overload due to more than the allowed requests in a given time frame.
  • Request failed: No response following 10 retries with a 1-second interval.
Admin Method

This function requires elevated permissions and runs only on the backend and on dashboard pages.

Method Declaration
Method Parameters

The CAPTCHA token to authorize.

Return Type:Promise<CaptchaResponse>
Was this helpful?