CaptchaLa Docs

English

简体中文
繁體中文
日本語
한국어
Bahasa Melayu
Tiếng Việt
Bahasa Indonesia
Español
Français
Deutsch
Русский
Türkçe
Português (Brasil)

English

简体中文
繁體中文
日本語
한국어
Bahasa Melayu
Tiếng Việt
Bahasa Indonesia
Español
Français
Deutsch
Русский
Türkçe
Português (Brasil)

Theme

View as Markdown

Fraud Prevention

Fraud Prevention tells you whether the traffic reaching your page is a real person or automated, invalid, or otherwise fraudulent traffic. It puts a clear verdict on each visit so you can identify and block bots, invalid traffic, and abusive behavior before it costs you.

Fraud takes many forms — click fraud on paid ads, invalid traffic (IVT) inflating your numbers, bots scraping your content or stuffing your funnels, and more. Fraud Prevention is the umbrella for catching all of it. This documentation focuses on its primary use case: ad fraud.

Use case: ad fraud

Paid advertising is full of clicks that never convert because they were never a real human in the first place — bots, click farms, and other forms of invalid traffic quietly drain your budget. Fraud Prevention puts a verdict on each visit so you can act on it. It is built for advertisers who buy paid traffic and for traffic providers (networks, affiliates, media buyers) who need to prove the quality of the clicks they deliver.

  • For advertisers — stop paying for traffic that can't convert. Catch invalid and bot traffic at the landing page, exclude it from your funnels, and feed the result back into your bid decisions and conversion reporting.
  • For traffic providers — get an independent, per-click verdict you can attach to your delivery reports. Show partners that your traffic is human, settle on clean numbers, and resolve disputes with data instead of arguments.

The same building blocks apply to adjacent fraud scenarios — click fraud scoring, IVT filtering, and anti-scraping — wherever you need a per-visit human/bot verdict.

How it works at a high level

Fraud Prevention observes each visit through many independent signals and runs them through an advanced risk model. The output is a single, easy-to-consume verdict for the visit: is it likely a bot, how suspicious it is, and what we recommend you do about it.

You integrate in two layers:

  1. Landing-page SDK — a small script on your landing page that requests a verdict for the current visit and hands it to your code through a callback. See Web SDK.
  2. Data API — a server-side API to pull verdicts, aggregate statistics, and export data for billing and reconciliation. See Data API.

The verdict fields (is_bot, score, level, action, …) and how to act on each are documented in the Verdict Reference.

One verdict, no internals

The SDK and APIs return only the final verdict — not the internal scoring details. This keeps your integration simple and stable while the detection model is maintained and improved on our side, so you never have to track signature updates.

Click tokens for traffic providers

When a traffic provider sends a visitor to an advertiser's landing page, the provider can carry a signed click token in the destination URL. Fraud Prevention ties the resulting verdict back to that click, so each delivered click can be reconciled against an independent human/bot verdict. See Data API → Click tokens.

Next steps

MIT-licensed examples · CaptchaLa is operated independently

© 2026 CaptchaLa