Looking for an overview? See the hCaptcha product page

hCaptcha Accessibility Verification Interface

Human-in-the-Loop Requirement

This service is for accessibility testing and QA verification only. By using this API, you confirm: "I am NOT using this service for fully automated AI resolution in violation of the target service's 'No AI/Bot' clauses."

hCaptcha provides invisible and interactive verification challenges. The service returns a h-captcha-response token in a hidden textarea upon completion. MeshPrivacy provides accessibility interfaces for QA teams to verify captcha integration in their applications.

Token Details

Property	Value
Token Field	`h-captcha-response`
Token Length	~2000+ characters
Token TTL	Approximately 2 hours
Callback	`data-callback` required

Configuration

<!-- hCaptcha invisible mode configuration -->
<div class="h-captcha"
     data-sitekey="[sitekey]"
     data-size="invisible"
     data-callback="onSubmit">
</div>

<script>
function onSubmit(token) {
  // Token received - submit form
  document.getElementById('h-captcha-response').value = token;
  document.forms[0].submit();
}
</script>

Challenge Types

Passive (Invisible) Most Common

Background behavioral verification without visible challenge. Callback triggers automatically when risk is low.

Active (Interactive)

Visual challenge displayed when behavioral signals indicate higher risk. Requires image selection or other interactive verification.

Enterprise

Combined invisible and passive modes with enhanced detection. May fall back to active challenge based on risk scoring.

Integration Example

// Submit hCaptcha task to MeshPrivacy (QA/Testing only)
const response = await fetch('https://api.meshprivacy.com/v1/tasks/submit', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-API-Key': API_KEY
  },
  body: JSON.stringify({
    service: 'hcaptcha',
    url: 'https://target-site.com/',
    sitekey: 'abc123-def456...', // From page source data-sitekey
    proxy_config: 'http://user:pass@ip:port', // Your proxy
    user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...',
    // Acknowledgment required for HITL services
    hitl_acknowledgment: true
  })
});

const { task_id } = await response.json();

// Poll for result
const result = await fetch(`https://api.meshprivacy.com/v1/tasks/result/${task_id}`, {
  headers: { 'X-API-Key': API_KEY }
});

const { token } = await result.json();
// Submit token as h-captcha-response field value

FAQ

How long are hCaptcha tokens valid?

hCaptcha tokens have a generous TTL of approximately 2 hours. However, some sites may verify tokens faster, so submit promptly for best results.

What's the difference between invisible and enterprise?

Invisible mode relies purely on behavioral signals. Enterprise combines multiple detection methods and may escalate to visual challenges more frequently for suspicious traffic.

Where do I find the sitekey?

The sitekey is in the data-sitekey attribute on the .h-captcha div element in the page HTML.

Related Services

FunCaptcha|reCAPTCHA v2|reCAPTCHA v3|Cloudflare Turnstile