DocsICP FilingConsole
官方文档
首页

Feature overview

更新时间:
复制 MD 格式
我的收藏

Captcha-free Verification is a new CAPTCHA solution from Alibaba Group. The Captcha-free Verification component collects signals and orchestrates downstream CAPTCHA services to deliver comprehensive human-machine identification.

After integrating Captcha-free Verification into your service, the component silently collects the required information. This process provides a zero-friction experience for most legitimate users. Only users with risk signals receive a CAPTCHA challenge based on the detected risk level.

Captcha-free Verification uses a backend-to-backend risk query mechanism. If your service already has risk control capabilities, you can easily integrate the human-machine identification feature of Captcha-free Verification into your existing risk control system.

Captcha-free verification workflow

The Captcha-free Verification service works as follows.

Integrate the Captcha-free Verification integration code into your application's client (web page) and backend. In your application's business logic, call the getNVCVal() method to obtain the risk control parameters.

  1. Integrate the Captcha-free Verification integration code into your application's client (web page) and backend. In your application's business logic, call the getNVCVal() method to obtain the risk control parameters.

    Important

    • When you integrate the verification code, the appkey and scene parameter values must match the values assigned in the corresponding verification configuration in the console. These values must be consistent on both the frontend and the backend.

    • To test different frontend styles, you can use the test parameters (appkey and scene) provided in the frontend code integration documentation. After testing, restore the original appkey and scene parameter values. Do not use the test parameters in a production environment.

    A user triggers a business request on the specified client page.

  2. The backend calls the AFS verification API (first call), sending a Captcha-free Verification request with the risk control parameters to the Alibaba Cloud server to assess the business request's risk level.

    Note

    The verification logic of Captcha-free Verification differs from that of slider verification. It uses a backend-to-backend verification call from your backend to the Alibaba Cloud server.

  3. The Alibaba Cloud server uses its risk control technology to determine the legitimacy of the verification request and returns a risk result code to your backend.

  4. Your backend processes the request based on the action corresponding to the returned risk result code (resultJson). The default actions are:

    • Code 200: The request passes verification directly.

    • Code 400: Secondary verification is triggered.

    • Code 800: The request is blocked directly.

    Note

    If the risk result code is 200 or 800, the final verification result is returned directly to the client.

  5. If the risk result code is 400, trigger the secondary verification component on the client page. For example, call the getNC() method to initiate slider verification.

  6. On the client (web page), the user moves the slider to the end. The slider component code automatically sends a verification request to the Alibaba Cloud server to determine if the action is legitimate.

  7. The Alibaba Cloud server uses its risk control technology to determine the legitimacy of the verification request and returns the result to the client.

    • Verification success: The nvcCallback callback method of the NVC_Opt object is automatically triggered on the client.

    • Verification failure: The client displays a failure message and prompts the user to try the slider verification again.

  8. The client obtains the complete data through the nvcCallback callback method and sends it to the backend.

    Note

    The data obtained from the callback method has the same string format as the one obtained from the getNVCVal method in the first verification request. You can send it directly to your backend.

  9. The backend calls the AFS verification API a second time, sending a new Captcha-free Verification request with the complete data from the secondary verification. The Alibaba Cloud server assesses this data to return the final verification result.

  10. The Alibaba Cloud server determines the legitimacy of the verification request and returns a risk result code to your backend.

  11. Your backend receives the verification result and processes it according to your business logic.

    • Code 100: Verification passed (no risk).

    • Code 900: Secondary verification failed (risk detected).

  12. The client receives the final verification result and proceeds with the business operation.

Quick start

Follow these steps to integrate the Captcha-free Verification service into your business:

Note

The Captcha-free Verification service only supports PC web pages and H5 (mobile WAP and apps) scenarios.

  1. Log in to the Alibaba Cloud Captcha console, and on the Captcha page, select the Configuration Management tab.

    The page displays a list of CAPTCHA configurations with columns such as Configuration Name, Scene, Verification Method, Service Type, Usage Scenario, and Last Updated. Click Add Configuration to add a new configuration, or click Customize Style and System Code Integration in the Actions column to perform further operations.

  2. Click Add Configuration.

    Note: If you have already created a Captcha-free Verification configuration for the required scenario, you can use the existing configuration and integration code.

    Based on your business requirements, set Configuration Name, Peak QPS, Use Case, and Business Type, and for Verification Method, select Captcha-free Verification.

    Note: Peak QPS refers to the number of page views per second during your peak business hours.

  3. Click Next.

    Important

    Once a configuration is created, it is written to the production environment and cannot be modified or deleted. Ensure your settings are correct before proceeding.

  4. On the System Code Integration & Test page, save the frontend and backend integration code that is automatically generated for you.

  5. Integrate the provided frontend and backend integration code into your application's frontend pages and backend, respectively.

After completing the configuration, your service can use Alibaba Cloud's human-machine identification technology to implement CAPTCHA.

More features

After integrating the Captcha-free Verification service into your business, you can also use the following features:

Previous:No trace verificationNext:Frontend code integration (New version)