The Free Open-Source Captcha API is a lightning-fast, stateless Captcha service built on Cloudflare's global edge network. Protect your login, signup, and contact forms from bots — completely free, forever.
🌐 Live API: https://captcha-api.solvcraft.workers.dev
📖 Interactive Docs: https://captcha-api.solvcraft.workers.dev/docs
Runs on Cloudflare Workers at the edge — millisecond response times, globally. Your API server never slows down because analytics are written asynchronously in the background.
Every captcha comes with an HMAC-SHA256 signed token. The answer is never stored — not in a database, not in the token itself. Tokens auto-expire in 5 minutes, making replay attacks impossible.
No monthly fees, no API keys, no rate-limit tiers for basic usage. Self-host it on your own Cloudflare account in minutes.
Works with any stack — React, Vue, Next.js, Angular, or plain HTML. No bloated SDKs, just two HTTP calls.
curl https://captcha-api.solvcraft.workers.dev/generateResponse:
{
"svg": "<svg>...captcha image...</svg>",
"token": "MTc3Mjg5M....<hmac-signature>"
}Render the svg directly on your page. Store the token in a hidden field.
curl -X POST https://captcha-api.solvcraft.workers.dev/verify \
-H "Content-Type: application/json" \
-d '{"token":"<token>","answer":"<user_input>"}'Response:
{ "success": true }User visits form → GET /generate → Show SVG → User types answer
→ POST /verify with token + answer → { success: true/false }
Tokens are structured as base64(timestamp).HMAC(answer:timestamp, secret) — the captcha answer is never stored or embedded anywhere. It's verified by re-computing the HMAC server-side.
| Method | Endpoint | Description |
|---|---|---|
GET |
/generate |
Returns an SVG captcha image and a signed token |
POST |
/verify |
Validates the token and user's answer |
GET |
/docs |
Interactive Swagger UI |
GET |
/openapi.json |
OpenAPI 3.0 specification |
MIT — free to use, fork, and deploy.