The CAPTCHA replacement humans never see
Beta: Voight tells bots and AI agents apart from people using proof-of-work, behavioral, and fingerprint signals — with zero clicks, puzzles, or traffic lights for real users.
The problem
CAPTCHAs tax every human to stop a few bots
reCAPTCHA, hCaptcha, and Turnstile tax every real user with image grids and checkboxes to stop a minority of bots, hurting conversion and accessibility. Developers want a CAPTCHA replacement that stays invisible to humans while still building a record of who is actually a bot.
How it works
Issue, verify, capture — in three calls
Voight slots in wherever your CAPTCHA used to be. Issue a challenge, verify on submit, and read back a compact capture summary.
Issue a challenge
Call POST /v1/challenge to mint a single-use nonce, a binding token, and an ALTCHA-style proof-of-work. The embeddable /check/challenge widget solves the proof-of-work in the background and captures interaction telemetry — no checkbox, no image grid, nothing the user has to do.
Verify on submit
On form submit, POST /v1/challenge/verify with the solved proof-of-work, the token, and the nonce. The nonce is single-use, so a replayed or forged challenge is rejected. The captured pointer, scroll, and timing trajectory is recorded for the bot/human model.
Read the capture summary
Verify returns a compact summary — pow_valid, token_valid, solve time, interaction counts, and a challenge_id. In beta this is capture-only: every request passes while the verdict calibrates, so you wire it in now and switch on enforcement when the model is ready.
Signals
Four signals fused into one label
No single tell decides a verdict. Proof-of-work, behavior, nonce binding, and network context are cross-checked by the label-later model — so a generative cursor or a solved puzzle alone never passes for human.
Proof-of-work (ALTCHA core)
The browser brute-forces an HMAC-bound SHA-256 challenge that the server re-derives statelessly. It imposes a real compute cost on bulk automation and is one tamper-resistant signal, never a standalone human/bot gate.
Behavioral trajectory
The widget records timestamped pointer movement, scroll, and interaction timing as the user reaches the target. Trajectory shape feeds a bot/human model — generative cursors are why this is one fusion signal, not the whole verdict.
Single-use nonce binding
Each challenge is HMAC-bound to a fresh nonce and your form/origin. verify consumes the nonce once, so a replayed token reports token_valid=false. This is a corpus-poisoning tax and a tell against scripted reuse.
Fingerprint and network context
Every verify also captures IP, ASN, country, user-agent, and referrer alongside the trajectory, giving the label-later pipeline independent signals to cross-check rather than trusting any single tell.
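The proof-of-work and single-use nonce signals described above, sketched as an added example (this is not Voight's code). It assumes the ALTCHA scheme of challenge = SHA-256(salt + number) signed with HMAC-SHA256; the salt layout, `SERVER_KEY`, `MAX_NUMBER` and the in-memory nonce set are illustrative assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed server-side HMAC key
MAX_NUMBER = 50_000                   # assumed difficulty bound
_used_nonces = set()                  # stand-in for a shared store with a TTL


def _sign(challenge: str) -> str:
    return hmac.new(SERVER_KEY, challenge.encode(), hashlib.sha256).hexdigest()


def issue(form_id: str, origin: str) -> dict:
    """Mint a challenge; the server keeps no per-challenge state."""
    nonce = "n_" + secrets.token_hex(8)
    # Bound fields go first and the random part last, so digits cannot be
    # shifted between number and salt to alter nonce, form or origin.
    salt = f"{nonce}|{form_id}|{origin}|{secrets.token_hex(12)}"
    number = secrets.randbelow(MAX_NUMBER + 1)
    challenge = hashlib.sha256(f"{salt}{number}".encode()).hexdigest()
    return {"challenge": challenge, "salt": salt, "nonce": nonce,
            "maxnumber": MAX_NUMBER, "signature": _sign(challenge)}


def solve(ch: dict) -> int:
    """Client side: brute-force the number whose hash equals the challenge."""
    for n in range(ch["maxnumber"] + 1):
        if hashlib.sha256(f"{ch['salt']}{n}".encode()).hexdigest() == ch["challenge"]:
            return n
    raise ValueError("no solution within maxnumber")


def verify(sol: dict, form_id: str, origin: str) -> dict:
    """Re-derive hash and HMAC from the submitted fields, then burn the nonce."""
    parts = sol["salt"].split("|")
    bound = len(parts) == 4 and parts[:3] == [sol["nonce"], form_id, origin]
    derived = hashlib.sha256(f"{sol['salt']}{sol['number']}".encode()).hexdigest()
    pow_valid = (hmac.compare_digest(derived, sol["challenge"])
                 and hmac.compare_digest(_sign(sol["challenge"]), sol["signature"]))
    token_valid = bound and pow_valid and sol["nonce"] not in _used_nonces
    if bound and pow_valid:
        _used_nonces.add(sol["nonce"])  # only authentic nonces are consumed
    return {"pow_valid": pow_valid, "token_valid": token_valid}
```

A replayed solution still reports a valid proof-of-work but an invalid token, which matches the token_valid=false behaviour described for nonce reuse.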
API
Verify on submit, read the capture summary
POST the solved proof-of-work, token, nonce, and captured telemetry to /v1/challenge/verify. In beta every verify passes — the summary is your corpus, not yet a gate.
curl -X POST https://api.formshield.dev/v1/challenge/verify \
  -H "Authorization: Bearer $FORMSHIELD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "form_id": "signup",
    "token": "fs2.eyJ...",
    "nonce": "n_8f3a91c2",
    "pow_solution": { "challenge": "a1b2c3...", "salt": "d4e5f6", "number": 18244, "signature": "9c7e...", "took": 62 },
    "voight": { "t0": 0, "ts": 1840, "tgt": [220, 140, 18], "ptr": [[12,40,210,0]], "scr": [], "key": [], "pow": { "d": 18244, "ms": 62 } }
  }'
FAQ
Common questions
Drop in the /check/challenge widget where your CAPTCHA used to sit, then call POST /v1/challenge to issue and POST /v1/challenge/verify on submit. There is no checkbox or image grid — the widget solves a background proof-of-work and captures interaction signals, so real users see nothing. It binds to your form_id and origin like a reCAPTCHA site key, but never interrupts a human.
Not yet. Voight is in beta and capture-only: it observes, scores, and labels traffic to train the bot/human verdict, and every verify currently passes (passed is always true). Wire it in now to start building your own labeled corpus and to be ready to flip on enforcement once the verdict finishes calibrating. Until then, keep an existing gate if you need hard blocking.
Each POST /v1/challenge/verify costs 1 credit. You get a compact JSON summary — pow_valid, token_valid, solve_ms, duration_ms, pointer and scroll counts, target_hit, and a challenge_id — plus the captured telemetry is recorded to your corpus. Issuing a challenge is free; you are billed per verify.