CaptchaLa Docs

English

简体中文
繁體中文
日本語
한국어
Bahasa Melayu
Tiếng Việt
Bahasa Indonesia
Español
Français
Deutsch
Русский
Türkçe
Português (Brasil)

English

简体中文
繁體中文
日本語
한국어
Bahasa Melayu
Tiếng Việt
Bahasa Indonesia
Español
Français
Deutsch
Русский
Türkçe
Português (Brasil)

Theme

View as Markdown

Fraud Prevention Data API

The Data API is the server-side counterpart to the Web SDK. Use it to pull verdicts, aggregate statistics, and export data for reporting and reconciliation — pulling the numbers your own systems agree on.

Base URL 

https://apiv1.captcha.la

Authentication

All Data API requests are authenticated with your Fraud Prevention application credentials, sent as headers:

X-App-Key:    YOUR_APP_KEY
X-App-Secret: YOUR_APP_SECRET

WARNING

X-App-Secret is server-side only. Never expose it to browsers, mobile apps, or public repositories. The page SDK only ever uses the public appKey.

Endpoints

Fetch a verdict

Retrieve the verdict for a single visit (e.g. to reconcile a specific visit).

bash
GET /v1/bot/verdict?cid=CID_OF_THE_VISIT
X-App-Key: YOUR_APP_KEY
X-App-Secret: YOUR_APP_SECRET

The response data is a BotVerdict object:

json
{
  "code": 0,
  "data": {
    "is_bot": true,
    "score": 87,
    "level": "high",
    "action": "flag",
    "consistency": { "ok": false },
    "degraded": false
  }
}

Aggregated stats

Pull bucketed counts over a time range — totals, bot share, and the breakdown by action/level — for dashboards and quality reports.

bash
GET /v1/bot/stats?from=2026-06-01&to=2026-06-30
X-App-Key: YOUR_APP_KEY
X-App-Secret: YOUR_APP_SECRET
json
{
  "code": 0,
  "data": {
    "from": "2026-06-01",
    "to": "2026-06-30",
    "total": 124500,
    "bots": 18230,
    "bot_rate": 0.146,
    "by_action": { "record_only": 102100, "flag": 19800, "challenge": 2600 },
    "by_level":  { "low": 100300, "medium": 16900, "high": 6200, "critical": 1100 }
  }
}

Export

Export per-visit verdict rows for a time range, for offline reconciliation.

bash
GET /v1/bot/export?from=2026-06-01&to=2026-06-30&format=csv
X-App-Key: YOUR_APP_KEY
X-App-Secret: YOUR_APP_SECRET

Each row carries the visit's identifier, timestamp, and verdict fields (is_bot, score, level, action), so you can join it back to your own logs.

Per-click reconciliation

For paid-traffic scenarios, a single visit can be tied back to a specific delivered click so two parties can settle on it. That uses a click token and is covered in the Ad fraud guide.

Next steps

MIT-licensed examples · CaptchaLa is operated independently

© 2026 CaptchaLa