CaptchaLa Docs

English

简体中文
繁體中文
日本語
한국어
Bahasa Melayu
Tiếng Việt
Bahasa Indonesia
Español
Français
Deutsch
Русский
Türkçe
Português (Brasil)

English

简体中文
繁體中文
日本語
한국어
Bahasa Melayu
Tiếng Việt
Bahasa Indonesia
Español
Français
Deutsch
Русский
Türkçe
Português (Brasil)

Theme

View as Markdown

Fraud Prevention

Fraud Prevention tells you whether each visit to your site, app, or page is a real person or automated, invalid, or otherwise fraudulent traffic. It puts a clear verdict on every visit so you can identify and act on bots, invalid traffic, and abusive behavior before they cost you — wherever that traffic shows up.

Fraud is not one problem. It is bots draining budgets, invalid traffic inflating your numbers, scrapers harvesting your content, scripts farming signups, and fake accounts crowding your community. Fraud Prevention is the single umbrella for all of it: one verdict per visit, one integration, many use cases.

Use cases

These are all the same product. You pick the protection you need today and add more as you grow — the verdict you act on is identical across every one of them.

  • Fake & invalid traffic (IVT) — keep automated, non-human traffic off your pages and funnels, so your metrics reflect real intent and real visitors.
  • Anti-scraping — protect your content, pricing, and data from automated harvesting, so the value you publish stays yours.
  • Account protection — guard signups and logins against fake registrations and abusive automation, so your accounts belong to real people.
  • Content protection — keep spam, fake accounts, and automated abuse off content and social platforms, so communities stay genuine and trustworthy.

One integration, every scenario

Every use case above runs on the same building blocks — the SDK, the verdict, and the Data API. In all of them, Fraud Prevention does one thing: it gives each visit a human / bot verdict. What changes from one scenario to the next is only what you do with that verdict once you have it — exclude it from a funnel, block a signup, or drop a scraper.

How it works at a high level

Fraud Prevention evaluates each visit with an advanced risk model and returns a single, easy-to-consume verdict: is the visit likely a bot, how suspicious it is, and what we recommend you do about it.

You integrate in two layers:

  1. SDK — a small script on your page that requests a verdict for the current visit and hands it to your code through a callback. See Web SDK.
  2. Data API — a server-side API to pull verdicts, aggregate statistics, and export data for reporting and reconciliation. See Data API.

The verdict fields (is_bot, score, level, action, …) and how to act on each are documented in the Verdict Reference.

One verdict, no internals

The SDK and APIs return only the final verdict — not the internal scoring details. This keeps your integration simple and stable while the detection model is maintained and improved on our side, so you never have to track signature updates.

Scenario guides

The core integration above is the same everywhere. Some scenarios add a few specifics on top of it — extra steps, conventions, or fields that only that scenario needs. Those live in dedicated guides:

  • Ad fraud — protecting paid traffic and campaigns, where a third party delivers visitors and both sides need to reconcile on an independent per-click human/bot conclusion (click tokens, advertiser / provider roles, settlement).

Next steps

MIT-licensed examples · CaptchaLa is operated independently

© 2026 CaptchaLa