Every capability, every plan tier.

Five capability areas. Every feature tagged to the plan tier where it lands.

Verification

Three layers of defense. Bots hit a wall. Real visitors glide through.

The verification gates

  • Proof of work: Every attempt costs a bot real compute. Your visitors don't notice a thing. Bot farms feel every cycle.
    Every plan
  • Browser instrumentation: Headless browsers and command-line scripts get spotted at the door. They never reach the game.
    Every plan
  • Gaming anti-cheat: A tiny game up front, with server-authoritative setup and a deterministic replay behind it.
    Every plan

Integration surfaces

  • Drop-in web component: Works in React, Vue, Svelte, Angular, or any vanilla HTML page. Drop in one tag.
    Every plan
  • Runtime API: Start a challenge, confirm a pass, verify a token. Signed so your backend trusts the result. This is the API your widget and backend speak at verification time.
    Every plan
  • Hosted verification: Point your form at Caputchin. Results land in your inbox or hit your endpoint.
    Alpha tier
  • Mobile WebView embed: Embeddable page for native app integration.
    Every plan

Game ecosystem

Real games visitors actually play, with the SDK and customization to make them yours.

  • Game SDK: Build your own challenge games against a stable, versioned SDK contract.
    Every plan
  • Three distribution paths: Install from our marketplace, self-host, or bundle directly into your app.
    Every plan
  • Marketplace: Browse community games in the marketplace. Any public repo can publish.
    Every plan
  • Custom game configurations: Pass runtime options (difficulty, asset slots, game-specific params) per site key. The game reads them at boot.
    Every plan
  • Extended game locales: Locale set beyond the default that ships with Solo.
    Alpha tier
  • Custom game skins: Brand the challenge with your own colors and assets.
    Alpha tier
  • White labeling: Remove Caputchin branding from the widget entirely.
    Apex tier

Configuration

The foundations: a dashboard for humans, site keys to wire into your pages, and the per-site controls that decide which requests even get a shot at verification.

  • Dashboard: The browser UI for the humans on your team. Click through configuration without writing code.
    Every plan
  • Site keys: Create, rotate, and tune the per-site verification configuration. One per site, decoupled from your account.
    Every plan
  • Per-second rate limit: Cap the flood per site key. Tune the ceiling down whenever you want.
    Every plan
  • Origin allowlist: Only your own domains get to ask. Everyone else bounces.
    Every plan
  • Required headers: Reject anything missing the headers a real browser always sends.
    Every plan

Automation

The platform's programmatic surfaces: a REST management API for code, an MCP server for AI agents, a Terraform provider for IaC. Plus the access tokens that drive them all.

  • REST management API: Public OpenAPI spec, codegen-ready. Everything the dashboard does, accessible from any language. Distinct from the Runtime API used during verification.
    Every plan
  • MCP server: Run our hosted server or install the npm package. Let AI agents drive your setup safely.
    Every plan
  • Terraform provider: Published to the Terraform Registry. Manage Caputchin from your existing IaC.
    Every plan
  • Personal Access Token: One account-level token, free, one active at a time. The default key for everything programmatic.
    Every plan
  • Troop Access Tokens: Per-troop scoped tokens for code or agents. Seat-bearing, minted at the account level.
    Troop tier

Analytics

Aggregate numbers on every plan. Session-level detail when you need it. Audit logs when compliance asks.

  • Aggregate counters and master charts: See how many visitors started a challenge, passed it in-browser, and cleared your server check. Funnel view with drop-off rates.
    Every plan
  • Per-session details: Score, duration, and outcome for each verification session. Inspect any session in the dashboard.
    Alpha tier
  • Hosted verification analytics: Submission counts and outcomes for forms routed through hosted verification.
    Alpha tier
  • Audit logs: Three independent logs (account, troop, and site key) covering config changes and authorization failures.
    Apex tier

Troops

Share site keys with your team without sharing the keys themselves. Per-member permissions, one shared seat pool.

  • Custom troops: Unlimited multi-member troops that hold site keys and members.
    Troop tier
  • Permissions: Create, edit, read, and manage. Each permission is independent. Granting one doesn't grant the rest.
    Troop tier
  • Troop Access Tokens: Machine principals scoped per troop. One seat per token.
    Troop tier
  • Shared seat pool: One fungible pool for users and access tokens, typed at assignment.
    Troop tier
  • Self-serve seat purchase: Add seats from inside the dashboard, no sales touch required.
    Troop tier

Our philosophy

Permissive, open, minimal.

One posture, seen from three sides. We give you the most control we can, show you exactly how it works, and ask for the least we can in return.

Permissive

Bend the widget however you like, on any plan including free Solo. Paid tiers buy the managed dashboard and the reach, never the raw capability.

Open

The widget and SDK are open source, Apache-2.0, developed in the open on GitHub. Read every line, fork it, send a pull request.

Minimal

No visitor profile, no fingerprint, no tracking. The architecture cannot collect it, by design, not by policy.

The three absences behind minimal

No behavioral telemetry
Caputchin does not watch your visitors across sessions. There is no fingerprint, no risk score, no cohort.
No IP, UA, or fingerprint
Visitor IP is not forwarded across our worker boundary. User-Agent, geolocation, and device signals are never collected.
No soft delete
When you remove an entity, the rows go with it, including their audit log entries. No soft-delete shadow copy, no restore-from-trash.

See the full posture in Compliance.

Ship your first challenge today.

Sign up free, ship the widget on a single site key. Upgrade from the dashboard when you need more.
