Widget Endpoints
These endpoints are used by the SilentShield client-side widget. You typically don't need to call them directly — the widget handles this automatically.
Base URL: https://api.silentshield.io
POST/api/v1/captcha/init
Initializes a new protection session for the current page. Returns a session ID and configuration.
Auth: API Key (X-Api-Key header)
Request Body:
{"domain": "example.com", "page": "/contact"}Response:
{"sessionId": "sess_abc123", "features": {"telemetry": true, "pow": true, "honeypot": true}, "threshold": {"suspicious": 0.6, "block": 0.3}}This endpoint does not count toward your quota.
POST/api/v1/captcha/telemetry
Submits behavior telemetry data (mouse movements, typing patterns, scroll behavior) for analysis.
Auth: API Key (X-Api-Key header)
Request Body:
{"sessionId": "sess_abc123", "events": [{"type": "mousemove", "ts": 1234567890, "data": {...}}]}Response:
{"received": true}This endpoint does not count toward your quota. Data is analyzed in real time.
POST/api/v1/captcha/verdict
Requests a verdict for the current session based on collected telemetry data.
Auth: API Key (X-Api-Key header)
Request Body:
{"sessionId": "sess_abc123"}Response:
{"verdict": "human", "score": 0.92, "nonce": "nonce_xyz789", "challengeRequired": false}This endpoint counts as a captcha_shown event if a challenge is triggered.
POST/api/v1/captcha/verify-nonce
Verifies a nonce generated by the widget. Call this from your server to confirm the form submission is legitimate.
Auth: API Key (X-Api-Key header)
Request Body:
{"nonce": "nonce_xyz789"}Response:
{"valid": true, "verdict": "human", "score": 0.92, "timestamp": "2025-01-15T10:30:00Z"}This endpoint counts toward your quota. Nonces are single-use and expire after 5 minutes.