Mituyu weighs the humanity of your site visitors with a pop-up challenge.
First, sign up for Mituyu. This will give you access to your admin console, where you can set up an instance for the host names you want to use, and obtain public and private keys for steps 1 and 3 respectively.
Don't pay for anything yet - Mituyu will give you some free tokens to get started (and will top them back up monthly), and won't charge you for any traffic from localhost.
Include the Mituyu embed in your page's head element. The embed.js file is 130 bytes of JavaScript - it loads the rest when it's activated in the next step.
<head> … <script src="https://mituyu.com/embed.js" data-mituyu="your public key"></script> </head>To check your user is human, asynchronously call Mituyu - it does all the work and, if the user passes the test, returns a challenge code. Make sure it's the last thing you do before the form submit - the user has a minute to complete the challenge, and you have only 5 seconds beyond that to complete step 3.
try { var challenge = await mituyu(); your code to send the challenge id to your server } catch { error-condition, if the user fails or exits the challenge }We can't trust anything from the browser - to make sure the user actually passed the challenge, you need to check the result from your server-side code. This is where you hand over your private key as a bearer token in the Authorization header. You can only perform this check once - the act of checking the status disposes of the challenge.
curl https://mituyu.com/h/status/challenge id \ -H "Authorization: Bearer your private key"Interrogate the JSON result for the "status" property.
{ "id": "challenge id", "status": 1/0, depending on the challenge success }