Sitekeys API

Base URL: https://api-app.eu-captcha.eu/myra-auto-app-api

All endpoints require a valid Authorization: Bearer <token> header. See API Authentication.

List sitekeys

Returns all sitekeys accessible to the authenticated user.

GET /captcha_sitekeys

Response:

{
  "member": [
    {
      "id": 42,
      "siteKey": "pk_abc123...",
      "label": "Production - Login",
      "domain": "example.com",
      "train": true,
      "initial_difficulty": 1,
      "initial_delay": 5,
      "max_parallel": 3
    }
  ],
  "totalItems": 1
}

Get a sitekey

GET /captcha_sitekeys/{id}

Response: A single sitekey object (same shape as above, plus secret for owners).

The secret field is only returned to the sitekey owner.

Create a sitekey

POST /captcha_sitekeys
Content-Type: application/ld+json

{
  "label": "My Website",
  "domain": "example.com"
}

Fields:

Field	Required	Description
`domain`	✓	Hostname without protocol, e.g. `example.com`
`label`	—	Optional descriptive name

Response: 201 Created with the new sitekey object including the generated siteKey and secret values.

Update a sitekey

Partial update using JSON Merge Patch.

PATCH /captcha_sitekeys/{id}
Content-Type: application/merge-patch+json

{
  "label": "New Label"
}

Patchable fields:

Field	Type	Description
`label`	string	Display name
`train`	boolean	Protection enabled (`true`) or disabled (`false`)
`initial_difficulty`	integer (0–3)	Starting difficulty for new IPs
`initial_delay`	integer (3–30)	Delay in seconds before challenge can be submitted
`max_parallel`	integer (1–10)	Max concurrent challenges per IP

Response: 200 OK with the updated sitekey object.

Delete a sitekey

DELETE /captcha_sitekeys/{id}

Response: 204 No Content

Sitekey permissions

List permissions

GET /sitekey-permissions?sitekey_id={id}

Response:

{
  "member": [
    {
      "id": 7,
      "email": "colleague@example.com",
      "firstname": "Jane",
      "lastname": "Doe",
      "permission": "write",
      "created_at": "2025-05-01T10:00:00Z"
    }
  ]
}

Grant permission

POST /sitekey-permissions
Content-Type: application/json

{
  "sitekey_id": 42,
  "email": "colleague@example.com",
  "permission": "read"
}

Valid permission values: "write", "read"

Response: Permission object with confirmation.

Update permission

PATCH /sitekey-permissions/{permissionId}
Content-Type: application/merge-patch+json

{
  "permission": "write"
}

Remove permission

DELETE /sitekey-permissions/{permissionId}

Response: 204 No Content

Additional secrets

List secrets

GET /captcha-secrets/{sitekeyId}

Add a secret

POST /captcha-secrets
Content-Type: application/json

{
  "sitekey": "/captcha_sitekeys/{id}"
}

A new secret is generated server-side and returned in the response. Store it immediately — it will be masked on subsequent requests.

Delete a secret

DELETE /captcha-secrets/{secretId}

Response: 204 No Content