Our revolutionary Zero Database architecture fundamentally transforms CAPTCHA verification efficiency through memory-based processing. Unlike traditional CAPTCHA systems that rely on database queries for each verification step, CaptchaText performs all validations directly in memory using our proprietary Hybrid In-Memory Indexing (Hybrid IMI) engine. This means when validating a request, we're not waiting for database reads or writes - every verification happens in real-time at memory speed. Through memory indexing, we validate each IP against our LIVE blacklist of over 200,000 malicious addresses in nanoseconds, eliminating the millisecond delays of traditional database queries.

Traditional database-dependent CAPTCHA services face inherent limitations due to database connection overhead, query processing times, and infrastructure scaling challenges. Each verification requires multiple database operations: checking the token, validating the IP, recording the attempt, and updating records. In contrast, CaptchaText's memory-based architecture eliminates these bottlenecks entirely. Our system can theoretically handle thousands of handshakes per second per server, as we're only limited by memory access speeds rather than database I/O. This architectural advantage means we can maintain consistent, high-speed performance even under extreme load conditions, while traditional systems would struggle with database connection limits and query queues.

Our ability to handle unlimited CAPTCHA Assessments and Evaluations stems from our advanced token pool management system and understanding of real-world Conversion Rate (CVR) patterns. In typical high-traffic scenarios like university registrations or event signups, the maximum forced signup CVR ranges between 8-10%. This means that from a pool of 10,000 visitors, approximately 800-1,000 will complete the signup process simultaneously.

Our system is designed to accommodate these peak scenarios through our configurable token pool system, which can manage up to 1000 concurrent tokens every 5 minutes. However, what makes our system truly unlimited is our innovative token recycling mechanism. The token pool isn't a fixed capacity - as tokens are verified and used, they're immediately removed from the pool, making room for new token generation. This dynamic recycling means that in practice, with optimal token turnover, we can handle over 2,500 successful signups within each 5-minute interval. Through our intelligent token recycling system, verified tokens are instantly removed and replaced, ensuring continuous availability for new verifications. This means we can effectively handle unlimited traffic while maintaining strong security measures against automated attacks.

For security purposes, each API key is strictly bound to its registered domain and cannot be used across multiple domains. This one-to-one relationship between domains and API keys ensures proper security isolation and prevents unauthorized usage. The binding process validates both the domain name and its corresponding API key during every verification request, making it impossible to use the same key on different domains. This strict domain validation is a critical security feature that protects against key theft and unauthorized implementations, ensuring that your CAPTCHA security remains uncompromised.

When implementing CaptchaText across multiple domains, each domain requires its own unique API key through separate registrations. For example, if you manage multiple websites like example.com, example.net, and example.org, you'll need to register each domain individually to receive separate API keys. This approach maintains distinct security boundaries between different domains, even if they're owned by the same organization. The registration process is straightforward for each domain, and you can manage all your domain API keys independently while maintaining the highest level of security for each implementation.

This message appears when the system detects abnormal verification patterns on your website. It means your security tokens are being consumed at an unusually high rate, typically due to automated attacks or sudden traffic spikes. The system automatically resolves this within 5 minutes once traffic patterns normalize. For high-traffic websites, you can adjust the token pool size in your .well-known configuration to better handle regular traffic volumes.

The token pool system starts with a default size of 100 concurrent tokens but can be scaled up to 1000 tokens for high-traffic situations. This configuration is managed through the TP parameter in your .well-known file. The system includes an automatic token recycling mechanism that efficiently manages token availability, ensuring smooth operation even during peak traffic periods.

CaptchaText offers extensive customization options to perfectly match your website's design aesthetic. Our system comes with seven professionally designed themes - dark, light, golden, metallic, cyberpunk, greenscape, and classic - each crafted to complement different website styles. For more precise branding alignment, you can utilize custom hex color codes to define specific background gradients and text colors. The interface supports up to three gradient color points for creating unique visual effects, or you can opt for a solid color background.

The system provides three versatile size variations to accommodate different layout requirements. The default size (400px width) offers a full-featured interface ideal for standard forms. The mini variation (150px width) provides a compact yet functional solution perfect for smaller forms or sidebar integrations, while the micro size (60px width) delivers an ultra-compact option ideal for space-constrained layouts. All size variations automatically expand to show the full verification interface when activated, ensuring a consistent user experience regardless of the initial display size. These options, combined with optional gradient animations, allow you to create a verification interface that not only enhances security but also contributes to your site's professional appearance. ( Full Docs )

Finding your domain already registered shouldn't be a concern since our advanced security system ensures API keys only function when called from their specifically registered domains. This means even if someone else has registered your domain's API key, they cannot use it on their website. The domain-binding security feature ensures that API keys are strictly validated against their registered domains, making it impossible for unauthorized parties to use your domain's API key on other websites. Your website's security remains completely uncompromised, and you can continue using your existing API key without any interruption.

If you prefer to have a new API key issued for your domain, our support team is ready to assist. Simply create a support ticket explaining your request for a new API key, and our technical team will review your domain ownership verification. Once verified, we can issue a fresh API key while maintaining your existing key's functionality until you're ready to transition. This ensures zero downtime during the key transition process and provides you with complete control over your domain's security implementation. Our support team typically processes such requests within 24 hours to ensure minimal wait time.

CaptchaText offers three distinct security levels to match your specific verification needs. The Easy level presents a single-word challenge, perfect for frequent user interactions like login pages. The Medium level, our default setting, requires two-word verification, providing balanced security for most applications. The Hard level implements a three-word challenge, ideal for high-security pages like user registration or sensitive form submissions. Each level maintains high security while adjusting the verification complexity to match your requirements.

These security levels can be configured through the .well-known/captchatext.dat file, allowing both global and page-specific settings. For example, you can set an Easy level for your login page to ensure quick access for returning users, while implementing Hard level security for registration pages to prevent automated account creation. This granular control is achieved through path-based rules - simply specify the URL path and desired security level in the configuration file. You can set a base difficulty level for your entire site and then override it for specific pages or directories, ensuring optimal balance between user experience and security across different sections of your website. ( Full Docs )

CaptchaText provides comprehensive control over CAPTCHA placement and behavior through several intuitive methods. For precise positioning, you can use HTML comments as position markers to specify exactly where you want the CAPTCHA to appear within your forms. This is particularly useful for maintaining specific layouts or when working with complex form designs. For forms requiring unique identification, our numbered positioning system allows you to assign specific numbers (1-99) to different forms using data attributes, ensuring each CAPTCHA appears exactly where intended. This feature is especially valuable when managing multiple forms on a single page.

Furthermore, you have complete control over which forms include CAPTCHA verification. Forms can be selectively excluded from CAPTCHA protection by using simple HTML comments - just place <!-- CaptchaText Disabled --> within any form you want to exclude. For more complex implementations with multiple forms, you can use numbered disable comments like <!-- CaptchaText3 Disabled --> to exclude specific forms while maintaining protection on others. This granular control allows you to implement security measures exactly where needed, whether you're managing a simple contact form or a complex multi-form application with varying security requirements. ( Full Docs )

Our Free plan provides complete access to all CaptchaText premium features and functionality without any restrictions. Users get full access to token pool control, support for 23 languages, customization options, and all security features including our advanced Hybrid IMI memory-based processing and real-time IP validation against our extensive LIVE blacklist of over 200,000 malicious IP addresses. The only difference in the Free plan is the renewal process - users need to manually renew their API key every 30 days through our website interface, which takes just a few clicks. ( try renewal with "demo.com", auto-resets every 2 minutes )

The paid plans simply offer convenience features rather than additional functionality. The Prime plan eliminates the need for manual renewals by providing automatic API key renewal through our billing system. The Elite plan offers the same features plus the option to remove CaptchaText branding and backlinks from the verification interface. Both Free and paid plans maintain identical performance, security standards, and feature access - ensuring you can implement enterprise-grade CAPTCHA protection regardless of your chosen plan.

The renewal process is straightforward but has specific timing requirements. API keys expire after 30 days and can only be renewed after expiration - not before. To renew, simply visit CaptchaText.com and search for your domain name. Once your key has expired, a renewal button will appear. This process ensures regular verification of domain ownership and maintains security protocols while keeping the service free.

To help users understand the renewal process before implementing it on their live domains, we provide a demo facility using "demo.com". This demonstration domain is automatically reset to 35 days every 2 minutes, allowing users to experience and test the complete renewal workflow. By searching for "demo.com" on CaptchaText.com, you can observe how the renewal button appears and understand the entire process, making it easier to manage renewals for your actual domain when needed.