Human-Centered Defense

A lightweight CAPTCHA that works like a risk engine instead of a roadblock.

AstraCaph minimizes friction for real users first: passive telemetry when confidence is high, graceful escalation only when risk is unclear, and signed proof when your backend needs verification.

Widget, Edge, Redis, Tailwind

Live Demo

This is how the captcha looks on a real page

Below is a real AstraCaph widget mounted in open mode. It shows the actual verification UI and the token issued after a successful pass.

This example uses AstraCaph's open profile and renders the live production-style widget UI without a mandatory frontend key.

<script src="https://caph.astracat.ru/api/v1/widget.js" async defer></script>
<div id="astracaph-container"></div>

Fingerprint: User-Agent, Canvas, WebGL, timezone, screen metrics
Motion analysis: pointer path smoothness, jitter, direction changes, idle pauses
Behavior scoring: dwell time, click tempo, focus churn, key cadence
IP intelligence: multiple free IP databases to estimate whether an address is hosting, residential, proxy or VPN
Security: HMAC JWT, rate limiting, optional verify IP allowlist
01. Passive-first trust

The widget first scores pointer movement, browser posture and interaction timing. Active verification appears only when the session remains uncertain.

02. Low-latency edge flow

Challenge and verify endpoints are designed for Vercel Edge with short TTFB, one-time signed tokens and lightweight request handling.

03. Single-domain product

Landing, docs, widget delivery and verification API live under one domain, keeping integration and origin governance simple.

04. Open key issuance

The default integration works without a frontend key. If you need stricter isolation, you can still issue secrets and bind verification to one exact origin.
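
An added example (not AstraCaph's own code) of the backend-side check that an HMAC-signed, one-time token bound to one exact origin calls for: pin the algorithm, compare the MAC in constant time, then enforce expiry, origin and single use. The claim names `jti`, `exp` and `origin`, the in-memory replay map and the sample secret are assumptions, since the page does not document the token layout.

```javascript
// Added example, not AstraCaph code. Claim names (jti, exp, origin) are assumed.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const decode = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
// jti -> exp. Stand-in for a shared store such as Redis, where entries would expire at exp.
const seenJti = new Map();

// Builds constructed sample tokens for this demo; a real token comes from the widget.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

function verifyToken(token, secret, expectedOrigin, now = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ ok: false, reason });
  const parts = String(token).split(".");
  if (parts.length !== 3) return fail("malformed");
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = decode(head);
    claims = decode(body);
  } catch {
    return fail("malformed");
  }
  if (!header || !claims || typeof claims !== "object") return fail("malformed");
  // Pin the algorithm on the server; the token must not be able to pick "none".
  if (header.alg !== "HS256") return fail("bad_alg");
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return fail("bad_signature");
  }
  // Claims are trusted only after the MAC has been verified.
  if (typeof claims.exp !== "number" || claims.exp <= now) return fail("expired");
  if (claims.origin !== expectedOrigin) return fail("wrong_origin");
  if (typeof claims.jti !== "string") return fail("malformed");
  if (seenJti.has(claims.jti)) return fail("replayed");
  seenJti.set(claims.jti, claims.exp); // consume the token: single use
  return { ok: true, claims };
}
```

With several backend instances the replay map has to live in a shared store with an atomic set-if-absent, otherwise the same token can be accepted once per instance.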