CaptchaLaCaptchaLa
本页仅提供英文版。 联系我们申请你的语言。
Migration guide

Migrate from Friendly Captcha to CaptchaLa

Same privacy-first posture. Drop in CaptchaLa, gain mobile SDKs, mainland China availability, and visible challenge fallback. Migration is two file changes.

Sign up & grab a keyRead the comparison
FFriendly CaptchaCurrent setup~10 minCaptchaLaDrop-in target

代码改动长这样

Before — Friendly Captcha
<div class="frc-captcha" data-sitekey="YOUR_SITE_KEY"></div>
<script type="module" src="https://cdn.jsdelivr.net/npm/@friendlycaptcha/sdk/site.compat.min.js" async defer></script>
After — CaptchaLa
<button id="login-btn">Sign in</button>
<script src="https://cdn.captcha-cdn.net/captchala-loader.js"></script>
<script>
  loadCaptchala(() => Captchala.init({ appKey: 'YOUR_APP_KEY', action: 'login' })
    .onSuccess(res => onToken(res.token))
    .bindTo('#login-btn'));
</script>
Before — Friendly Captcha server verify (Node)
const res = await fetch('https://api.friendlycaptcha.com/api/v1/siteverify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    secret: process.env.FRIENDLY_SECRET,
    solution: req.body['frc-captcha-solution'],
    sitekey: process.env.FRIENDLY_SITEKEY,
  }),
})
const data = await res.json()
if (!data.success) return res.status(400).json({ error: 'bot' })
After — CaptchaLa server verify (Node)
const res = await fetch('https://apiv1.captcha.la/v1/validate', {
  method: 'POST',
  headers: {
    'X-App-Key': process.env.CAPTCHALA_APP_KEY,
    'X-App-Secret': process.env.CAPTCHALA_APP_SECRET,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ pass_token: req.body['captchala-token'] }),
})
const { data } = await res.json()
if (!data || !data.valid) return res.status(400).json({ error: 'bot' })

迁移步骤

  1. 1

    Sign up & grab your App Key + Secret

    Create a free CaptchaLa account, add a site, copy your keys. No sales call, no contract.

  2. 2

    Swap the widget tag

    Replace frc-captcha with captchala, data-sitekey with data-app-key, and the script src with our CDN. The module-type script becomes a regular async script.

  3. 3

    Update the hidden field name

    Friendly Captcha submits frc-captcha-solution; we submit captchala-token. Rename in your form handler if you read it by name.

  4. 4

    Update the server verify

    Endpoint changes to apiv1.captcha.la/v1/validate. Body drops the sitekey field — we identify the site from your appSecret. Response shape's valid flag (data.valid) stays the same.

  5. 5

    Roll out gradually

    Swap one form at a time. CaptchaLa coexists with Friendly Captcha — they don't share cookies or state. Most teams find conversion improves slightly because POW compute on user devices is gone.

更快:用插件

WordPress + WooCommerce

Replace your Friendly Captcha plugin with the official CaptchaLa plugin. Covers login, registration, comments, WooCommerce, CF7, Gravity, WPForms in one install.

View integration →

常见问题

Will I lose the auditable privacy story?

Friendly Captcha's POW-only architecture is more auditable in a literal cryptographic sense — there's truly nothing to fingerprint. CaptchaLa doesn't fingerprint either, but our architecture (adaptive risk + challenge) is more complex, which makes audit harder. If your privacy gating criterion is 'auditable by a privacy attorney with cryptography expertise,' that's a real distinction worth weighing.

What about mobile?

This is one of the biggest migration wins. Friendly Captcha is web-only. CaptchaLa has native iOS, Android, and Flutter SDKs — same backend, same dashboard, same billing. Ship CAPTCHA in your mobile app without picking a second vendor.

How do my users feel the difference?

On older phones and low-spec laptops, the POW compute Friendly Captcha runs in the background can be noticeable — a few seconds of CPU draw. CaptchaLa doesn't run heavy compute on the device. Most users won't notice either way; users with weak hardware will notice us less.