Prosopo Procaptcha
and CapMonster Cloud

Captcha solution, website installation, and testing.

Pricing of Prosopo Procaptcha solution

CAPTCHA
Price (USD)
$ 1.30
1000 tokens
Inherited a site with a captcha or another protection layer but no access to the source code? In that case you naturally ask: which solution is installed, is it configured correctly, and how can the workflow be tested?

In this article, we have tried to answer all the key questions. The first step in solving the task is to determine which protection system is being used. To do this, you can refer to the list of popular captchas and anti-bot protection systems, where you will find visual examples and key indicators that help you quickly understand what you are dealing with.

If you discover that your site uses Prosopo Procaptcha, the next step is to study its properties and operation in more detail. In this article, you can also review the instructions on how to integrate Prosopo Procaptcha so that you fully understand how it functions on your site. This will help you not only understand the current protection, but also properly plan its maintenance.

What is Procaptcha
What is Procaptcha
Procaptcha is a protection system from Prosopo designed to prevent spam and automated actions that could harm a website. It helps distinguish real users from bots, ensuring website security and stability. If the system doubts the authenticity of a visitor, it provides a verification task (e.g., selecting specific images). Real users can still use the website conveniently and without interruption.
Background
Examples of Prosopo Procaptcha
Frictionless CAPTCHA
Frictionless CAPTCHA
Invisible captcha. Automatically determines if the visitor is a real user or a bot. If the user behaves naturally (normal browser, no automation), the captcha is solved unobtrusively. If bot signs are detected, the user is shown an additional image task.
Proof of Work (PoW) CAPTCHA
Proof of Work (PoW) CAPTCHA
Computation-based captcha, i.e., it makes your device solve a small computational task in the background. The main goal is to stop mass bots and spam, as automated systems have to spend time and resources completing the task. For humans, it is usually almost unnoticeable.
Image CAPTCHA
Image CAPTCHA
Classic visual captcha. Displays images and asks to select those that meet the condition (e.g., 'select all horses').

How to solve Procaptcha via CapMonster Cloud

When testing forms that include Prosopo Procaptcha, you often need to verify that the captcha works and is integrated correctly.

You can verify the captcha embedded on your site manually.

  • Open the form page and make sure the captcha renders.
  • Try submitting the form without solving it — the server should return an error.
  • After a successful solution, the form must be submitted without issues.

For automatic solving you can use tools like CapMonster Cloud, which accepts captcha parameters, processes them on its servers, and returns a ready-to-use token. Insert this token into the form to pass the check without user interaction.

Working with CapMonster Cloud via API typically involves the following steps:

Creating a taskCreating a task
arrow
Sending an API requestSending an API request
arrow
Receiving the resultReceiving the result
arrow
Placing the token on the pagePlacing the token on the page
arrow
Procaptcha recognition using ready-made libraries
CapMonster Cloud provides ready-to-use libraries for convenient work in Python, JavaScript (Node.js), and C#.
Python
JavaScript
C#
Solve captcha, insert token, and submit form
Node.js example for the full cycle of captcha recognition on your web page. Possible approaches: use HTTP requests to get HTML and captcha parameters, submit the response and process the result; or use automation tools (e.g., Playwright) — open the page, wait for captcha, submit parameters (for testing you can send correct or incorrect data), get the result via the CapMonster Cloud client, insert the token into the form, and see the result.

async function sendTokenToSite(token) {
    // Form URL or endpoint where the token should be sent
    const formURL = "https://example..com/en/your-form-endpoint";

    // Example form data
    const formData = {
        email: "example@example.com",
        password: "yourpassword",
        "procaptcha-response": token // Procaptcha token
    };

    try {
        const response = await fetch(formURL, {
            method: "POST",
            headers: {
                "Content-Type": "application/json", // или 'application/x-www-form-urlencoded' depending on the website
            },
            body: JSON.stringify(formData),
        });

        const result = await response.text(); // or response.json() if the server returns JSON
        console.log("Server response:", result);
    } catch (err) {
        console.error("Error sending token:", err);
    }
}

// Main function
async function solveAndSend() {
    const client = CapMonsterCloudClientFactory.Create(
        new ClientOptions({ clientKey: API_KEY })
    );

    const prosopoRequest = new ProsopoRequest({
        websiteURL: "https://example.com/en/",
        websiteKey: "5EZU3LG31uzq1Mwi8inwqxmfvFDpj7VzwDnZwj4Q3syyxBwV"
    });

    const balance = await client.getBalance();
    console.log("Balance:", balance);

    const result = await client.Solve(prosopoRequest);
    console.log("Captcha solution:", result);

    // Send token to the website
    await sendTokenToSite(result.solution); // result.solution contains the Procaptcha token
}

solveAndSend().catch(console.error);

How to connect Procaptcha to your website
To confidently understand captcha functionality on your site, understand the verification logic, and reconnect or reconfigure, we recommend reading this section. It describes the protection integration process and helps you quickly understand all nuances.

1. Obtain keys (sitekey and secret key)

  • 1) Go to Prosopo Portal.
  • 2) Go to Site Management
  • 3) Click Reveal — two keys will appear:
    • sitekey — public, used on the client side.
    • secret key — private, use only on the server.
Important: Each widget has its own key pair. They cannot be reused for another project.

2. Add your domain

  • 1) Go to Account → Domains.
  • 2) Ensure your domain is listed.
  • 3) If testing locally — add localhost.
  • 4) Remove localhost before production.

3. Add Procaptcha script

Place the tag in <head>

<script type="module" src="https://js.prosopo.io/js/procaptcha.bundle.js" async defer></script>>

4. Option 1: Implicit rendering (automatic) — EASIER

Add a container where the captcha will appear automatically:

<div class="procaptcha" data-sitekey="your_site_key"></div>

Usually placed inside the form.

Example full formExample full form
arrow

After successful captcha verification, a hidden parameter will be added:

5. Option 2: Explicit rendering (manual) — MORE CONTROL

HTML exampleHTML example
arrow
JavaScript exampleJavaScript example
arrow

6. Set captcha type (optional)

Can be explicitly selected:

  • frictionless (default)
  • pow
  • image

For example:


<div class="procaptcha"
     data-sitekey="your_site_key"
     data-captcha-type="pow">
</div>

7. Mandatory: server-side token verification

After rendering the captcha, the server must verify the response. Verification is done via API:

POST
https://api.prosopo.io/siteverify

Request contents:

{
    "secret": "your_secret_key",
    "token": "PROCAPTCHA-RESPONSE"
}

8. Server-side verification in PHP

Example code:Example code:
arrow

What is considered successful verification?

If the Procaptcha server returns:

{
    "verified": true
}

Captcha passed, protected action can be performed (e.g., register a user).

Background
Possible errors and debugging
Bug Icon
Invalid Site Key
An incorrect or invalid site key is used. Solution: make sure you use the correct key found in the Procaptcha dashboard.
Bug Icon
Unauthorized origin URL
The domain where the widget is installed does not match the domain linked to the site key. Solution: check and update the domain list in the Procaptcha portal.
Bug Icon
Session not found
Session not found or expired. Solution: wait for the widget to reload (~3 seconds) or refresh the page. If the error persists, clear browser cache and cookies or contact support.
Bug Icon
Response success=false
Token is expired, reused, or failed validation. For debugging, enable request logging and check the error field in the Procaptcha response.
Protection resilience checks
After integration, make sure the system really protects the site from automated actions.
Security and optimization tips
Keep the <span class="font-bold">Secret Key</span> only on the server. Never expose it to the client.
Log error codes <span class="font-bold">(error-codes)</span> to understand why specific verifications failed.
Add links at the bottom of forms to the <span class="font-bold">Privacy Policy</span> and <span class="font-bold">Procaptcha Terms of Use</span>, if required by your implementation.
Conclusion

If you’ve taken over a website that already has a captcha or another protection system installed, but you don’t have access to the code, don’t worry! It’s quite easy to identify which technology is being used. To verify that everything works correctly, you can use the CapMonster Cloud recognition service in an isolated test environment to make sure that the token processing mechanism and the validation logic are functioning properly.

In the case of Prosopo Procaptcha, it’s enough to detect the system, observe its behavior, and confirm that the protection is working correctly. In this article, we showed how to identify Prosopo Procaptcha and where to find instructions on how to integrate or reconfigure it, so you can confidently maintain the protection and keep its operation under control.

Conclusion
Helpful links
DocIconProcaptcha DocumentationDocIconProsopo PortalDocIconCapMonster Cloud Documentation (working with Procaptcha)

Frequently Asked Questions about Prosopo Procaptcha

Procaptcha uses three verification types and chooses the most appropriate one based on the risk level of the visitor's session:

  • Frictionless CAPTCHA: Runs in the background and verifies the visitor invisibly if their browser signals and behavior look human. Suspicious sessions can be escalated to a visible challenge.
  • Proof of Work (PoW) CAPTCHA: Gives the visitor's device a small computational task, which makes large-scale automated requests more costly while staying almost unnoticeable for real users.
  • Image CAPTCHA: Shows a visual challenge, such as selecting all images that match a prompt like "Select all horses."

You can specify the verification mode using the data-captcha-type attribute on the widget div. Set it to frictionless for invisible background checks, pow for the Proof of Work puzzle, or image for the classic image-selection challenge.

For example:

<div class="procaptcha"
     data-sitekey="your_site_key"
     data-captcha-type="pow">
</div>

The value of your client-side data-captcha-type must strictly match the CAPTCHA type configured in your Prosopo Portal account settings.

Yes, you can integrate the solution into any Python script using universal HTTP requests.

Request a task ID: Send a POST request to the createTask endpoint with your API key, target websiteURL, and websiteKey.

{
  "clientKey": "YOUR_API_KEY",
  "task": {
    "type": "ProsopoTask",
    "websiteURL": "https://example.com",
    "websiteKey": "SITE_KEY"
  }
}

Poll for the result: Send the received taskId to the getTaskResult endpoint until the status is ready.

{
  "clientKey": "YOUR_API_KEY",
  "taskId": 123456789
}

Use the token: Extract the string from the solution object and pass it as the procaptcha-response value in your HTTP payload (requests, aiohttp) or inject it into the DOM (Playwright, Puppeteer, Selenium).

Procaptcha supports a data-callback attribute on the widget div for implicit rendering, or a callback property in the config object for explicit rendering.

The function you specify is called automatically once the captcha is solved, receiving the token string as its first argument — at that point you can enable the submit button, trigger an AJAX request, or store the token in component state.

Using a callback is generally cleaner than polling the procaptcha-response field, since it eliminates race conditions between widget resolution and form submission timing.

Playwright, Puppeteer or Selenium are compatible approaches for automating the injection of solved Procaptcha tokens. The general flow is identical:

  1. Navigate to the target page
  2. Wait for the Procaptcha widget to load
  3. Request a token from CapMonster Cloud via its API (or client SDK)
  4. Inject the returned token into the page using the framework's native DOM manipulation methods before triggering form submission.