Prosopo Procaptcha
and CapMonster Cloud

Captcha solution, website installation, and testing.

Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?

In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.

If you discover that your site uses Prosopo Procaptcha, the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate Prosopo Procaptcha so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.

What is Procaptcha

Procaptcha is a protection system from Prosopo designed to prevent spam and automated actions that could harm a website. It helps distinguish real users from bots, ensuring website security and stability. If the system doubts the authenticity of a visitor, it provides a verification task (e.g., selecting specific images). Real users can still use the website conveniently and without interruption.

Examples of Prosopo Procaptcha

Frictionless CAPTCHA

Invisible captcha. Automatically determines if the visitor is a real user or a bot. If the user behaves naturally (normal browser, no automation), the captcha is solved unobtrusively. If bot signs are detected, the user is shown an additional image task.

Proof of Work (PoW) CAPTCHA

Computation-based captcha, i.e., it makes your device solve a small computational task in the background. The main goal is to stop mass bots and spam, as automated systems have to spend time and resources completing the task. For humans, it is usually almost unnoticeable.

Image CAPTCHA

Classic visual captcha. Displays images and asks to select those that meet the condition (e.g., 'select all horses').

How to solve Procaptcha via CapMonster Cloud

When testing forms that include Prosopo Procaptcha, you often need to verify that the captcha works and is integrated correctly.

You can verify the captcha embedded on your site manually.

Open the form page and make sure the captcha renders.
Try submitting the form without solving it — the server should return an error.
After a successful solution, the form must be submitted without issues.

For automatic solving you can use tools like CapMonster Cloud, which accepts captcha parameters, processes them on its servers, and returns a ready-to-use token. Insert this token into the form to pass the check without user interaction.

Working with CapMonster Cloud via API typically involves the following steps:

Creating a task

At this stage, you provide your API key, captcha type, and its parameters. The service returns a unique taskId, which can later be used to get the result.

Sending an API request

The request to solve Prosopo must include the following parameters:

type - ProsopoTask

websiteURL - Full URL of the captcha page;

websiteKey - Value of the siteKey parameter found on the page.

Find more details about the parameters and how to gather them automatically before sending a task in the CapMonster Cloud documentation.

Endpoint for sending the task:

https://api.capmonster.cloud/createTask

Request example:


{
"clientKey": "API_KEY",
"task": {
  "type": "ProsopoTask",
  "websiteURL": "https://www.example.com",
  "websiteKey": "5EZU3LG31uzq1Mwi8inwqxmfvFDpj7VzwDnZwj4Q3syyxBwV"
  }
}

Response:

{
  "errorId":0,
  "taskId":407533072
}

Receiving the result

After creating the task, poll the solution status.

Address to receive the result:

https://api.capmonster.cloud/getTaskResult

Request example:

{
  "clientKey":"API_KEY",
  "taskId": 407533072
}

Response:


{
"errorId":0,
"status":"ready",
"solution": {
  "token": "0x00016c68747470733a2f2f70726f6e6f6465332e70726f736f706f2e696fc0354550516f4d5a454463354c704e376774784d4d7a5950547a4136..."
  }
}

Placing the token on the page

The obtained token can be inserted into a hidden form field or called via a JS function on the website to confirm the solution. After that, the server will accept the form as correctly filled. For automation and testing, it is convenient to use Puppeteer, Selenium, or Playwright to emulate user actions, insert tokens, and submit forms.

Procaptcha recognition using ready-made libraries

CapMonster Cloud provides ready-to-use libraries for convenient work in Python, JavaScript (Node.js), and C#.

Python

JavaScript

Solve captcha, insert token, and submit form

Node.js example for the full cycle of captcha recognition on your web page. Possible approaches: use HTTP requests to get HTML and captcha parameters, submit the response and process the result; or use automation tools (e.g., Playwright) — open the page, wait for captcha, submit parameters (for testing you can send correct or incorrect data), get the result via the CapMonster Cloud client, insert the token into the form, and see the result.


async function sendTokenToSite(token) {
    // Form URL or endpoint where the token should be sent
    const formURL = "https://example..com/en/your-form-endpoint";

    // Example form data
    const formData = {
        email: "example@example.com",
        password: "yourpassword",
        "procaptcha-response": token // Procaptcha token
    };

    try {
        const response = await fetch(formURL, {
            method: "POST",
            headers: {
                "Content-Type": "application/json", // или 'application/x-www-form-urlencoded' depending on the website
            },
            body: JSON.stringify(formData),
        });

        const result = await response.text(); // or response.json() if the server returns JSON
        console.log("Server response:", result);
    } catch (err) {
        console.error("Error sending token:", err);
    }
}

// Main function
async function solveAndSend() {
    const client = CapMonsterCloudClientFactory.Create(
        new ClientOptions({ clientKey: API_KEY })
    );

    const prosopoRequest = new ProsopoRequest({
        websiteURL: "https://example.com/en/",
        websiteKey: "5EZU3LG31uzq1Mwi8inwqxmfvFDpj7VzwDnZwj4Q3syyxBwV"
    });

    const balance = await client.getBalance();
    console.log("Balance:", balance);

    const result = await client.Solve(prosopoRequest);
    console.log("Captcha solution:", result);

    // Send token to the website
    await sendTokenToSite(result.solution); // result.solution contains the Procaptcha token
}

solveAndSend().catch(console.error);

There is also a great option to test captcha recognition using the CapMonster Cloud browser extension, which allows you to quickly check captcha functionality directly on the page and monitor the solution process in real-time without writing code – available for Chrome and Firefox.

How to connect Procaptcha to your website

To confidently understand captcha functionality on your site, understand the verification logic, and reconnect or reconfigure, we recommend reading this section. It describes the protection integration process and helps you quickly understand all nuances.

You can also integrate Procaptcha using popular frameworks (React, Angular, etc.) or install protection on WordPress. More information can be found in the official project documentation.

1. Obtain keys (sitekey and secret key)

1) Go to Prosopo Portal.
2) Go to Site Management
3) Click Reveal — two keys will appear:
- sitekey — public, used on the client side.
- secret key — private, use only on the server.

Important: Each widget has its own key pair. They cannot be reused for another project.

2. Add your domain

1) Go to Account → Domains.
2) Ensure your domain is listed.
3) If testing locally — add localhost.
4) Remove localhost before production.

3. Add Procaptcha script

Place the tag in <head>

<script type="module" src="https://js.prosopo.io/js/procaptcha.bundle.js" async defer></script>>

4. Option 1: Implicit rendering (automatic) — EASIER

Add a container where the captcha will appear automatically:

<div class="procaptcha" data-sitekey="your_site_key"></div>

Usually placed inside the form.

Example full form

<html>
    <head>
        <title>Procaptcha Demo</title>
        <script type="module" src="https://js.prosopo.io/js/procaptcha.bundle.js" async defer></script>
    </head>
    <body>
        <form action="" method="POST">
            <input type="text" name="email" placeholder="Email" />
            <input type="password" name="password" placeholder="Password" />
            <div class="procaptcha" data-sitekey="your_site_key"></div>
            <br />
            <input type="submit" value="Submit" />
        </form>
    </body>
</html>

After successful captcha verification, a hidden parameter will be added:

5. Option 2: Explicit rendering (manual) — MORE CONTROL

HTML example


<html>
    <head>
        <script
            type="module"
            id="procaptcha-script"
            src="https://js.prosopo.io/js/procaptcha.bundle.js"
            async
            defer
        ></script>
    </head>
    <body>
        <div id="procaptcha-container"></div>
    </body>
</html>

JavaScript example


document.getElementById('procaptcha-script').addEventListener('load', function () {
    function onCaptchaVerified(output) {
        console.log('Captcha verified, output: ' + JSON.stringify(output))
    }

    const captchaContainer = document.getElementById('procaptcha-container')

    window.procaptcha.render(captchaContainer, {
        siteKey: 'YOUR_SITE_KEY',
        theme: 'dark',
        callback: onCaptchaVerified,
    })
})

6. Set captcha type (optional)

Can be explicitly selected:

frictionless (default)
pow
image

For example:


<div class="procaptcha"
     data-sitekey="your_site_key"
     data-captcha-type="pow">
</div>

7. Mandatory: server-side token verification

After rendering the captcha, the server must verify the response. Verification is done via API:

POST

https://api.prosopo.io/siteverify

Request contents:

{
    "secret": "your_secret_key",
    "token": "PROCAPTCHA-RESPONSE"
}

8. Server-side verification in PHP

Example code:


<?php
function verifyToken($token) {
    $url = 'https://api.prosopo.io/siteverify';
    $data = json_encode(["secret" => "your_secret_key", "token" => $token]);
    $options = [
        'http' => [
            'header'  => "Content-Type: application/json\r\n",
            'method'  => 'POST',
            'content' => $data,
        ],
    ];
    $context  = stream_context_create($options);
    $result = file_get_contents($url, false, $context);
    $response = json_decode($result, true);

    return $response["verified"] ?? false;
}
?>

What is considered successful verification?

If the Procaptcha server returns:

{
    "verified": true
}

— Captcha passed, protected action can be performed (e.g., register a user).

Possible errors and debugging

Invalid Site Key

An incorrect or invalid site key is used. Solution: make sure you use the correct key found in the Procaptcha dashboard.

Unauthorized origin URL

The domain where the widget is installed does not match the domain linked to the site key. Solution: check and update the domain list in the Procaptcha portal.

Session not found

Session not found or expired. Solution: wait for the widget to reload (~3 seconds) or refresh the page. If the error persists, clear browser cache and cookies or contact support.

Response success=false

Token is expired, reused, or failed validation. For debugging, enable request logging and check the error field in the Procaptcha response.

Protection resilience checks

After integration, make sure the system really protects the site from automated actions.

Try sending a request without solving the captcha — the server should return success: false.

Perform load testing (e.g., using k6 or JMeter) at over 100 requests per second — the captcha should display correctly and the validation system remain stable.

Check server response for expired or reused token — the expected response should be 403 Forbidden.

Security and optimization tips

Keep the <b>Secret Key</b> only on the server. Never expose it to the client.

Keep the Secret Key only on the server. Never expose it to the client.

Log error codes <b>(error-codes)</b> to understand why specific verifications failed.

Log error codes (error-codes) to understand why specific verifications failed.

Add links at the bottom of forms to the <b>Privacy Policy</b> and <b>Procaptcha Terms of Use</b>, if required by your implementation.

Add links at the bottom of forms to the Privacy Policy and Procaptcha Terms of Use, if required by your implementation.

Conclusion

If you’ve taken over a website that already has a captcha or another protection system installed, but you don’t have access to the code, don’t worry! It’s quite easy to identify which technology is being used. To verify that everything works correctly, you can use the CapMonster Cloud recognition service in an isolated test environment to make sure that the token processing mechanism and the validation logic are functioning properly.

In the case of Prosopo Procaptcha, it’s enough to detect the system, observe its behavior, and confirm that the protection is working correctly. In this article, we showed how to identify Prosopo Procaptcha and where to find instructions on how to integrate or reconfigure it, so you can confidently maintain the protection and keep its operation under control.

Helpful links

Procaptcha Documentation →

Prosopo Portal →

CapMonster Cloud Documentation (working with Procaptcha) →

The CapMonster Cloud browser extension is available for Chrome and Firefox. Full installation and usage instructions are available here.

Prosopo Procaptcha and CapMonster Cloud

How to solve Procaptcha via CapMonster Cloud

Prosopo Procaptcha
and CapMonster Cloud