Client Server REST API captcha implementation

Vladimir Cvetic · Apr 10, 2015 · Viewed 14.2k times

I'm building a client-server REST application. The client side is based on Angular while the server is PHP (not that it matters much anyhow).

What I am wondering is whether there are any best practices or good examples of captcha implementation in this case. The captcha would be used for user registration etc.

I'm not limited to any specific libraries; the only requirement is that there cannot be any calls to 3rd party servers on the client side (JS libraries hosted on 3rd party servers or req API key etc.).

Thanks

Answer

Daniel Aranda · Apr 10, 2015

When Google captcha approves a user, it provides you with a token.

So imagine this context: the user is about to save and uses the captcha; the captcha does its business until it approves the user and gives you a token. That is all that matters.

If you want to see a "tentative" flow of requests for this:

  1. Before registering, the user passes the captcha, and the captcha gives you a token in the front end.
  2. The user clicks save, and you receive the form data and the captcha token in the backend. You ask Google through the API: is the token real? If they say yes, you save the form; if somehow Google does not recognize it, you return an error.
  3. The front end listens for success or error, and for what kind of error. If the error is captcha, force a retry and get a new token.
  4. The backend receives the form data and the new token again and checks again.
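The backend half of the flow in the answer above, as an added example that is not part of the original answer: the form is saved only after the token verifies, a captcha failure gets its own error type so the front end can retry, and a verification outage fails closed. It is written in Python rather than the PHP the question mentions; `handle_register`, `make_fake_verifier`, the status codes and the error body shape are assumptions, and the fake verifier is a constructed stand-in for Google's siteverify endpoint so the flow runs offline.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def google_verify(secret, token, timeout=5):
    """POST the token to Google's siteverify endpoint and return the parsed JSON."""
    body = urllib.parse.urlencode({"secret": secret, "response": token}).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=body, timeout=timeout) as resp:
        return json.load(resp)


def handle_register(form, token, secret, verify=google_verify, save=None):
    """Return (http_status, body). The form is saved only after the token verifies."""
    if not token:
        return 400, {"error": "captcha", "detail": ["missing-input-response"]}
    try:
        result = verify(secret, token)
    except (OSError, ValueError):
        # Fail closed: if verification cannot be completed, nothing is saved.
        return 503, {"error": "captcha_unavailable"}
    if result.get("success") is not True:
        # A distinct error type lets the front end force a retry with a new token.
        return 400, {"error": "captcha", "detail": result.get("error-codes", [])}
    if save is not None:
        save(form)
    return 201, {"ok": True}


def make_fake_verifier(valid_tokens):
    """Constructed stand-in for Google: each token verifies once; a replayed or
    unknown token is rejected (this fake reports both as timeout-or-duplicate)."""
    unused = set(valid_tokens)

    def verify(secret, token):
        if token in unused:
            unused.remove(token)
            return {"success": True}
        return {"success": False, "error-codes": ["timeout-or-duplicate"]}

    return verify


if __name__ == "__main__":
    saved = []
    fake = make_fake_verifier({"tok-1", "tok-2"})  # constructed sample tokens
    for tok in ("tok-1", "tok-1", "tok-2"):  # first try, replay, retry with new token
        print(handle_register({"user": "alice"}, tok, "SECRET", fake, saved.append))
```

The secret key stays on the server; only the token travels from the front end to the backend.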