Authentication

Captcha challenges for spam prevention

Get captcha challenge

get

/captcha

Returns a new captcha challenge for spam prevention. Users must solve the captcha before certain actions can be performed. Requires signed fetch authentication.

Authorizations

AuthorizationstringRequired

Signed fetch authentication using @dcl/platform-crypto-middleware (ADR-44l). Requires auth chain headers (x-identity, x-signature, x-timestamp) for signature validation. See http://adr.decentraland.org/adr/ADR-44l for details.

Responses

200

Captcha challenge generated successfully

application/json

401

Unauthorized - invalid signed fetch

application/json

403

Forbidden - invalid metadata or user is flagged

application/json

get

/captcha

GET /captcha HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "challenge": "text",
  "imageUrl": "https://example.com",
  "expiresAt": "2026-01-19T15:43:31.506Z"
}

Verify captcha

post

/captcha

Verifies a captcha solution. Users who fail the captcha multiple times (3 attempts) will be flagged for 24 hours. Requires signed fetch authentication.

Authorizations

AuthorizationstringRequired

Body

challengestringRequired

Captcha challenge identifier from GET /captcha

solutionnumberRequired

User-provided X coordinate solution

Responses

200

Captcha verified successfully

application/json

400

Bad request - Invalid captcha solution

application/json

401

Unauthorized - invalid signed fetch

application/json

403

Forbidden - invalid metadata or user is flagged

application/json

post

/captcha

POST /captcha HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 33

{
  "challenge": "text",
  "solution": 1
}

{
  "success": true,
  "message": "text",
  "creditsGranted": true
}

PreviousProgress NextSeasons

Last updated 2 months ago

hashtagGet captcha challenge

hashtagVerify captcha

Get captcha challenge

Verify captcha