---
title: Documentation
---

# CaptchaLa — Bot & Abuse Prevention Platform

CaptchaLa is a bot and abuse prevention platform. A server-side risk engine
scores each request and shows an interactive CAPTCHA only when needed; it also
offers content moderation APIs. Integration is SDK-based and takes minutes. To
understand the verification model before integrating, read
[How verification works](./concepts/how-verification-works).

::: tip See it work in 30 seconds
[demo-v1.captcha.la](https://demo-v1.captcha.la) — pure HTML + PHP, MIT-licensed, view-source on every page.

- [popup.html](https://demo-v1.captcha.la/popup.html) — popup mode
- [float.html](https://demo-v1.captcha.la/float.html) — floating widget
- [bind.html](https://demo-v1.captcha.la/bind.html) — bind to button
- [inline.html](https://demo-v1.captcha.la/inline.html) — inline embed
- [server-token.html](https://demo-v1.captcha.la/server-token.html) — server-issued token (anti-replay)
:::


## Quick Links

- **[5-Minute Quickstart](./quickstart)** — This guide will help you integrate CaptchaLa CAPTCHA in 5 minutes.
- **[How verification works](./concepts/how-verification-works)** — The risk-engine-first graduated model, token types, and the server-side verification flow.
- **[Attestation & Privacy Pass](./concepts/attestation-and-privacy-pass)** — How CaptchaLa ingests web attestation tokens (PAT / Privacy Pass), the web-vs-native reality, and roadmap.
- **[Web SDK Guide](./web-sdk)** — Web SDK supports all modern browsers with multiple integration methods.
- **[API Reference](./api-reference)** — CaptchaLa provides RESTful API for all server-side integrations.

## SDK Docs

- [Web SDK](./web-sdk)
- [Android SDK](./sdk/android)
- [iOS / macOS SDK](./sdk/ios)
- [Flutter SDK](./sdk/flutter)
- [Electron SDK](./sdk/electron)

## Security Modes

- **[Server-issued Token — Quick Start](./quickstart#server-token)** — Architecture and code samples for the backend-first token flow used in production.
- **[Server-issued Token — API Reference](./api-reference#server-token)** — POST /v1/server/challenge/issue — parameters, response schema, and error codes.