CaptchaLaCaptchaLa
Migration guide

Migrate from Friendly Captcha to CaptchaLa

Same privacy-first posture. Drop in CaptchaLa, gain mobile SDKs, mainland China availability, and visible challenge fallback. Migration is two file changes.

Sign up & grab a keyRead the comparison
FFriendly CaptchaCurrent setup~10 minCaptchaLaDrop-in target

What the code change looks like

Before — Friendly Captcha
<div class="frc-captcha" data-sitekey="YOUR_SITE_KEY"></div>
<script type="module" src="https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk/site.compat.min.js" async defer></script>
After — CaptchaLa
<div class="captchala" data-app-key="YOUR_APP_KEY"></div>
<script src="https://cdn.captcha.la/v1/captchala.js" async defer></script>
Before — Friendly Captcha server verify (Node)
const res = await fetch('https://api.friendlycaptcha.com/api/v1/siteverify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    secret: process.env.FRIENDLY_SECRET,
    solution: req.body['frc-captcha-solution'],
    sitekey: process.env.FRIENDLY_SITEKEY,
  }),
})
const data = await res.json()
if (!data.success) return res.status(400).json({ error: 'bot' })
After — CaptchaLa server verify (Node)
const res = await fetch('https://api.captcha.la/v1/verify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    appSecret: process.env.CAPTCHALA_SECRET,
    token: req.body['captchala-token'],
  }),
})
const data = await res.json()
if (!data.success) return res.status(400).json({ error: 'bot' })

Migration steps

  1. 1

    Sign up & grab your App Key + Secret

    Create a free CaptchaLa account, add a site, copy your keys. No sales call, no contract.

  2. 2

    Swap the widget tag

    Replace frc-captcha with captchala, data-sitekey with data-app-key, and the script src with our CDN. The module-type script becomes a regular async script.

  3. 3

    Update the hidden field name

    Friendly Captcha submits frc-captcha-solution; we submit captchala-token. Rename in your form handler if you read it by name.

  4. 4

    Update the server verify

    Endpoint changes to api.captcha.la/v1/verify. Body drops the sitekey field — we identify the site from your appSecret. Response shape's success boolean stays the same.

  5. 5

    Roll out gradually

    Swap one form at a time. CaptchaLa coexists with Friendly Captcha — they don't share cookies or state. Most teams find conversion improves slightly because POW compute on user devices is gone.

Faster: use a plugin

WordPress + WooCommerce

Replace your Friendly Captcha plugin with the official CaptchaLa plugin. Covers login, registration, comments, WooCommerce, CF7, Gravity, WPForms in one install.

View integration →

Frequently asked questions

Will I lose the auditable privacy story?

Friendly Captcha's POW-only architecture is more auditable in a literal cryptographic sense — there's truly nothing to fingerprint. CaptchaLa doesn't fingerprint either, but our architecture (adaptive risk + challenge) is more complex, which makes audit harder. If your privacy gating criterion is 'auditable by a privacy attorney with cryptography expertise,' that's a real distinction worth weighing.

What about mobile?

This is one of the biggest migration wins. Friendly Captcha is web-only. CaptchaLa has native iOS, Android, and Flutter SDKs — same backend, same dashboard, same billing. Ship CAPTCHA in your mobile app without picking a second vendor.

How do my users feel the difference?

On older phones and low-spec laptops, the POW compute Friendly Captcha runs in the background can be noticeable — a few seconds of CPU draw. CaptchaLa doesn't run heavy compute on the device. Most users won't notice either way; users with weak hardware will notice us less.