# Authentication

Captcha challenges for spam prevention

## Get captcha challenge

> Returns a new captcha challenge for spam prevention. \
> Users must solve the captcha before certain actions can be performed.\
> Requires signed fetch authentication.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Authentication","description":"Captcha challenges for spam prevention"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"SignedFetch":[]}],"components":{"securitySchemes":{"SignedFetch":{"type":"http","scheme":"bearer","description":"Signed fetch authentication using @dcl/platform-crypto-middleware (ADR-44l). \nRequires auth chain headers (x-identity, x-signature, x-timestamp) for signature validation. \nSee http://adr.decentraland.org/adr/ADR-44l for details.\n"}}},"paths":{"/captcha":{"get":{"tags":["Authentication"],"summary":"Get captcha challenge","description":"Returns a new captcha challenge for spam prevention. \nUsers must solve the captcha before certain actions can be performed.\nRequires signed fetch authentication.\n","operationId":"getCaptcha","responses":{"200":{"description":"Captcha challenge generated successfully","content":{"application/json":{"schema":{"type":"object","properties":{"challenge":{"type":"string","description":"Captcha challenge identifier"},"imageUrl":{"type":"string","format":"uri","description":"Base64 encoded image URL for the captcha"},"expiresAt":{"type":"string","format":"date-time","description":"Challenge expiration timestamp"}},"required":["challenge","imageUrl","expiresAt"]}}}},"401":{"description":"Unauthorized - invalid signed fetch","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"403":{"description":"Forbidden - invalid metadata or user is flagged","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```

## Verify captcha

> Verifies a captcha solution. Users who fail the captcha multiple times (3 attempts) \
> will be flagged for 24 hours. Requires signed fetch authentication.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Authentication","description":"Captcha challenges for spam prevention"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"SignedFetch":[]}],"components":{"securitySchemes":{"SignedFetch":{"type":"http","scheme":"bearer","description":"Signed fetch authentication using @dcl/platform-crypto-middleware (ADR-44l). \nRequires auth chain headers (x-identity, x-signature, x-timestamp) for signature validation. \nSee http://adr.decentraland.org/adr/ADR-44l for details.\n"}}},"paths":{"/captcha":{"post":{"tags":["Authentication"],"summary":"Verify captcha","description":"Verifies a captcha solution. Users who fail the captcha multiple times (3 attempts) \nwill be flagged for 24 hours. Requires signed fetch authentication.\n","operationId":"verifyCaptcha","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"challenge":{"type":"string","description":"Captcha challenge identifier from GET /captcha"},"solution":{"type":"number","description":"User-provided X coordinate solution"}},"required":["challenge","solution"]}}}},"responses":{"200":{"description":"Captcha verified successfully","content":{"application/json":{"schema":{"type":"object","properties":{"success":{"type":"boolean","description":"Verification success status"},"message":{"type":"string","description":"Verification message"},"creditsGranted":{"type":"boolean","description":"Whether credits were granted after successful verification"}},"required":["success"]}}}},"400":{"description":"Bad request - Invalid captcha solution","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"401":{"description":"Unauthorized - invalid signed fetch","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"403":{"description":"Forbidden - invalid metadata or user is flagged","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```