Shibboleth Quick Start

We have developed a Java client to simplify some of these operations. If you'd like to access this client please contact us.

To get started, create a CAPTCHA:

curl -s -H "X-NTK-KEY: $your_key_here" -d "options={type: 'BASIC'}" \
"https://api.nettoolkit.com/v1/shibboleth/captchas"

The server may return JSON output like the following:

{
  "code":1000,
  "results":[{
    "id":"aDb5RwxQbdYkgovtL7vFtRPwuHxEhwsQ97jmvG6Lnux85gyI2fD98z2p_pcP6xMCE",
    "type":"BASIC",
    "displayInformation":{
        "caption":"Type all of the characters"
    }
  }]
}

With JavaScript

For the advanced CAPTCHAs that require JavaScript, displayInformation is a JSON object that instructs the client JavaScript on how to initialize the CAPTCHA and should simply be passed from the server output to the CAPTCHA initialization. The JavaScript-based CAPTCHAs require the id of an HTML element to specify where the CAPTCHA should appear (specified through the JSON key elementId).

<!DOCTYPE html>
<html>
    <head>
        <link rel="stylesheet" href="https://api.nettoolkit.com/shibboleth/all-captcha-0.0.1.css" />
    </head>
    <body>
        <div id="demo"></div>
        <form action="your_url_here" onsubmit=handleClick()>
            <button type="submit">Verify</button>
        </form>
        <script type="text/javascript" src="https://api.nettoolkit.com/shibboleth/all-captcha-0.0.1.js?key=your_ntk_api_key_here"></script>
        <script type="text/javascript">
            const basicCaptcha = new Captcha.Captcha({
                elementId: "demo",
                captchaId: "aDb5RwxQbdYkgovtL7vFtRPwuHxEhwsQ97jmvG6Lnux85gyI2fD98z2p_pcP6xMCE",
                type: "BASIC",
                displayInformation: {
                    caption: "Type all of the characters",
                }
            });
            function handleClick() {
                const key = basicCaptcha.getUserAttempt();
                // Send key to your server
            }
        </script>
    </body>
</html>

No JavaScript

For CAPTCHAs that do not require JavaScript, the CAPTCHA id is used to retrieve the static image (https://api.nettoolkit.com/shibboleth/images/[id]).

<!DOCTYPE html>
<html>
    <body>
        <img src="https://api.nettoolkit.com/shibboleth/images/aDb5RwxQbdYkgovtL7vFtRPwuHxEhwsQ97jmvG6Lnux85gyI2fD98z2p_pcP6xMCE">
        <form action="your_url_here">
            <input type="text" name="key" value="key">
            <button type="submit">Verify</button>
        </form>
    </body>
</html>

After the client submits an attempt, your server can submit the client's attempt for verification.

curl -s -H "X-NTK-KEY: $your_key_here" -d "submitted_key=nhyY3r6" \
"https://api.nettoolkit.com/v1/shibboleth/captchas/aDb5RwxQbdYkgovtL7vFtRPwuHxEhwsQ97jmvG6Lnux85gyI2fD98z2p_pcP6xMCE/verification"

The server may return something like the following, indicating that the client's attempt was successful:

{
  "code":1000,
  "query":{
    "submitted_key":"nhyY3r6"
  },
  "results":[{
    "pass":true
  }]
}