Tencent CAPTCHA Configuration

Tencent CAPTCHA is a widely used security service developed by Tencent Holdings Limited in China. It helps protect your application from automated bot attacks while offering a smooth user experience. LoginRadius supports Tencent CAPTCHA to guard against fraudulent activities such as account abuse, brute-force attempts, and DDoS threats.

To integrate Tencent CAPTCHA into your LoginRadius authentication flows, you must register for Tencent CAPTCHA, configure it in the LoginRadius Admin Console, and pass the validation token in your API requests.

Refer to Tencent CAPTCHA documentation for widget setup and frontend integration instructions.

Configuration

This section walks you through obtaining your Tencent CAPTCHA credentials, configuring them within the LoginRadius Admin Console, and enabling CAPTCHA protection for specific authentication flows.

Get CAPTCHA Credentials

• Get Tencent CAPTCHA Credentials
• To begin:
  • Ensure you have a QQ account. Create one here if needed.
  • Log in to the Tencent CAPTCHA Console.
  • Register your application by filling out the required details.
  • After verification, you'll receive:
    • App ID
    • App Secret Key

Configure in LoginRadius

Once you have your credentials:

• Log in to the LoginRadius Admin Console.
• Go to Security > Attack Protection > Bot Protection > CAPTCHA Providers and select Tencent CAPTCHA Configuration.
• Enter your App ID and App Secret Key.
• Click Save to apply changes.

Enable for Authentication

To apply CAPTCHA protection to specific authentication APIs:

• Go to Security Settings in the Admin Console.
• Navigate to Security > Bot Protection.
• Expand the Bot Protection Allowed On APIs section.
  • Login
  • User Registration
  • Forgot Password and Any other applicable API
• Click Save.

CAPTCHA Integration by Use Case

Before starting, render the CAPTCHA widget on your UI using Tencent’s frontend SDK. Once a user completes the challenge, a validation token is generated. This token should be submitted using the relevant LoginRadius API request.

Refer to the Tencent CAPTCHA integration guide for frontend widget setup and token handling.

Captcha Implementation on Registration Form

Integrate Tencent CAPTCHA with your user registration process to prevent automated sign-ups using either the LoginRadius API or JavaScript SDK.

Using LoginRadius API

Pass the Tencent CAPTCHA response token in the Registration API call:

{
  "email": "[email protected]",
  "password": "UserPassword123",
  "tencent_captcha_response": "VALIDATION_TOKEN"
}

Endpoint

POST https://api.loginradius.com/identity/v2/auth/register

Using JS Library

Use the following hook to inject Tencent CAPTCHA into the registration form:

LRObject.$hooks.register('beforeFormRender', function(name, schema) {
  if (name === 'registration') {
    LRObject.util.addTencentCaptchaJS();
    LRObject.util.captchaSchema("loginradius-tencent_widget_registration", schema);
  }
});

Hosted Page Integration

To use Tencent CAPTCHA in Hosted Pages:

• Go to Branding > Hosted Pages in the Admin Console.
• Select Authentication Pages.
• Open the Before Script section.
• Add the configuration:

var options = {};
options.apiKey = "<Your LoginRadius API key>";
options.appName = "<Your LoginRadius Site Name>";
options.tencentCaptchaAppid = "<TENCENT_CAPTCHA_APP_ID>";
options.tencentCaptcha = true; // Enable Tencent CAPTCHA
// options.tencentCaptchaAsFallback = true; // Use Tencent CAPTCHA only if Google reCAPTCHA fails
var LRObject = new LoginRadiusV2(options);

⚠️ Only one of tencentCaptcha or tencentCaptchaAsFallback should be enabled at a time.

Custom Sites Integration

If you're embedding LoginRadius on a custom website:

1. Include the LoginRadius JS library:

<script src="https://auth.lrcontent.com/v2/js/LoginRadiusV2.js" async defer></script>

2. Configure Tencent CAPTCHA via options object:

var options = {};
options.apiKey = "<Your LoginRadius API key>";
options.appName = "<Your LoginRadius Site Name>";
options.tencentCaptchaAppid = "<TENCENT_CAPTCHA_APP_ID>";
options.tencentCaptcha = true;
var LRObject = new LoginRadiusV2(options);

Captcha Implementation on Login Form

Secure your login flow by validating Tencent CAPTCHA tokens before authenticating users through API or SDK methods.

Using LoginRadius API

Pass the Tencent CAPTCHA response token in your Login API request:

{
  "email": "[email protected]",
  "password": "UserPassword123",
  "tencent_captcha_response": "VALIDATION_TOKEN"
}

Using JS Library

Use the following hook to inject Tencent CAPTCHA into the login form:

LRObject.$hooks.register('beforeFormRender', function(name, schema) {
  if (name === 'login') {
    LRObject.util.addTencentCaptchaJS();
    LRObject.util.captchaSchema("loginradius-tencent_widget_login", schema);
  }
});

Captcha Implementation on Forgot Password

Protect the password recovery process by requiring users to complete Tencent CAPTCHA verification before initiating a reset.

Using LoginRadius API

Pass the Tencent CAPTCHA response token in your Forgot Password API request:

{
  "email": "[email protected]",
  "tencent_captcha_response": "VALIDATION_TOKEN"
}

Using JS Library

Use the following hook to inject Tencent CAPTCHA into the Forgot Password form:

LRObject.$hooks.register('beforeFormRender', function(name, schema) {
  if (name === 'forgotpassword') {
    LRObject.util.addTencentCaptchaJS();
    LRObject.util.captchaSchema("loginradius-tencent_widget_forgotpassword", schema);
  }
});

Related Resources

• Google reCAPTCHA Configuration
• hCaptcha Configuration
• Customer Security