Invisible Captcha
Invisible Captcha is where no visible captcha is shown to verify the user, and a verifiedToken is still created as proof of verification. MTCaptcha currently supports 2 types of Invisible Captcha (both types can only be enabled via MTCaptcha’s Admin Portal > Sites Module):
- Low Friction Invisible Captcha
  The user is only shown a captcha if MTCaptcha’s Risk Engine evaluates that the user may be of some risk. Most real users can proceed without interacting with any captcha challenge. In this scenario the captcha may or may not be visible for any given user.
  Analysis shows Low Friction Invisible Captcha increases first attempt pass rate to over 99.5% for real humans (statistics from blended account usage).
  Low Friction Invisible Captcha can be enabled per site using the Admin Portal > Sites Module.
- IP Whitelist Invisible Captcha
  Users will not see any visible captcha if they visit from an internet IP address that matches the IP Whitelist configured for the site. In this scenario, users within the whitelisted IPs will never see a captcha.
  IP Whitelist Invisible Captcha can be enabled per site using the Admin Portal > Sites Module.
Invisible Captcha and Widget Loading Animation
Make sure to disable the widget loading animation when invisible captcha is used. To disable the loading animation use the ‘loadAnimation’ javascript config param:
var mtcaptchaConfig = {
...
"loadAnimation": "false"
};
Invisible Captcha and JS Callbacks
See Developers Guide - JS Callbacks for complete documentation on supported callbacks.
The callback sequence of a visible captcha is usually
jsloaded > rendered > verified (standard sequence)
When the captcha is invisible, the ‘rendered’ callback is skipped.
jsloaded > verified (invisible sequence)
If the initial (invisible) verifiedToken expires, you may see
jsloaded > verified > verifyexpired > verified (invisible sequence with expiration)
jsloaded > verified > verifyexpired > rendered > verified (invisible expired to visible)
How to Check if Current Captcha is Visible (Browser Side, Javascript)?
The javascript object state.isVisible (boolean) field indicates if the captcha is currently visible or invisible. The state object can be found in
- The callback argument
  See Developers Guide - JS Callbacks for more information on callbacks and the state object.
- The mtcaptcha.getStatus() javascript API
  See Developers Guide - Javascript APIs for more information on APIs.
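The callback sequences and the state.isVisible check described above, as an added example that is not part of the MTCaptcha documentation: a small tracker that gates form submission on ‘verified’ and ‘verifyexpired’ only, so it behaves the same whether or not ‘rendered’ ever fires. The tracker, its handler names and the state objects used to exercise it are assumptions; register the handlers as described in Developers Guide - JS Callbacks.

```javascript
// Added example (not MTCaptcha's code). Only state.isVisible and the callback
// names jsloaded / rendered / verified / verifyexpired come from the page;
// makeCaptchaTracker and its method names are hypothetical.
function makeCaptchaTracker() {
  const events = [];        // callback names in arrival order
  let tokenValid = false;   // true between 'verified' and 'verifyexpired'
  let lastVisible = null;   // state.isVisible seen at the most recent callback

  function record(name, state) {
    events.push(name);
    if (state && typeof state.isVisible === "boolean") {
      lastVisible = state.isVisible;
    }
    if (name === "verified") tokenValid = true;        // a fresh verifiedToken exists
    if (name === "verifyexpired") tokenValid = false;  // token must not be submitted
  }

  return {
    // Handlers to register as the widget's callbacks.
    onJsLoaded: (state) => record("jsloaded", state),
    onRendered: (state) => record("rendered", state),
    onVerified: (state) => record("verified", state),
    onVerifyExpired: (state) => record("verifyexpired", state),

    // Submission gate: never wait for 'rendered', it is skipped when invisible.
    canSubmit: () => tokenValid,
    // Whether the captcha was visible at the last callback (null if unknown).
    isVisible: () => lastVisible,
    // True once a visible challenge has been shown in this page view.
    sawChallenge: () => events.includes("rendered"),
    // Sequence in the same notation the documentation uses.
    sequence: () => events.join(" > "),
  };
}
```
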
How to Check a verifiedToken is the Result of Invisible Captcha (From Server Side)?
The tokeninfo.code and tokeninfo.codeDesc from the CheckToken API response can provide information on how the token was verified.
Specifically, tokeninfo.code
- 211 is verified via IP Whitelist
- 212 is verified via Low Friction
See Developers Guide - Validate Token for more information on CheckToken API and response.
How to Force Visible Captcha When Invisible Captcha is Enabled?
One can use the same sitekey across different workflows and leverage Invisible Captcha in one workflow (e.g. login), and use visible captcha in another (e.g. registration).
To ensure the user is presented with a visible captcha when Low Friction Invisible is enabled, use the ‘lowFrictionInvisible’ javascript config param:
var mtcaptchaConfig = {
...
"lowFrictionInvisible": "force-visible",
};
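Because ‘lowFrictionInvisible’ is a browser-side setting, a server that wants a workflow to accept only visibly solved captchas can also check tokeninfo.code after calling CheckToken. The following is an added example, not MTCaptcha's code: the `success` flag, the code 201 used for a solved captcha, the workflow names and the sample responses are assumptions; only tokeninfo.code, tokeninfo.codeDesc and the values 211 and 212 come from this page.

```javascript
// Added example: per-workflow policy applied to a parsed CheckToken response.
// Codes 211 and 212 are from the page; everything else is assumed or constructed.
const INVISIBLE_CODES = new Map([
  [211, "ip-whitelist"],   // verified via IP Whitelist
  [212, "low-friction"],   // verified via Low Friction
]);

// Hypothetical policy: workflows that must only accept a visibly solved captcha.
const REQUIRE_VISIBLE = new Set(["registration"]);

function evaluateToken(workflow, checkTokenResponse) {
  const info = checkTokenResponse && checkTokenResponse.tokeninfo;
  // Fail closed when the token did not verify (assumed `success` flag).
  if (!checkTokenResponse || checkTokenResponse.success !== true || !info) {
    return { accept: false, reason: "token-not-verified", invisibleVia: null };
  }
  // Fail closed on a missing or non-numeric code rather than guessing.
  if (!Number.isInteger(info.code)) {
    return { accept: false, reason: "missing-code", invisibleVia: null };
  }
  const invisibleVia = INVISIBLE_CODES.get(info.code) || null;
  if (invisibleVia && REQUIRE_VISIBLE.has(workflow)) {
    return {
      accept: false,
      reason: `invisible-token-on-visible-workflow:${invisibleVia}`,
      invisibleVia,
    };
  }
  // invisibleVia is returned so it can be logged alongside the request.
  return { accept: true, reason: "ok", invisibleVia };
}

// Constructed sample responses (not captured from the real API).
const SAMPLES = {
  lowFriction: { success: true, tokeninfo: { code: 212, codeDesc: "constructed: low friction" } },
  ipWhitelist: { success: true, tokeninfo: { code: 211, codeDesc: "constructed: ip whitelist" } },
  solved: { success: true, tokeninfo: { code: 201, codeDesc: "constructed: solved (assumed code)" } },
  failed: { success: false },
  noCode: { success: true, tokeninfo: { codeDesc: "constructed: code missing" } },
};
```
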
How to Force Visible and Invisible Captcha in Development Mode?
Developers can explicitly set the captcha to be invisible or visible during development by using the ‘testmode_lowFrictionInvisible’ and ‘enableTestMode’ javascript config params.
The ‘TestKey’ is part of the site keyset, and can be found next to the PrivateKey in MTCaptcha Admin Console.
var mtcaptchaConfig = {
...
'enableTestMode': '<TestKey>',
"testmode_lowFrictionInvisible": "force-invisible",
// or 'force-visible'
};