If you're here, it's because you're happy validating Anubis' result on your own. This is the way Anubis was originally designed to be implemented, either by having it augment a web form, or driving the entire process by Javascript and interactive with your own API.
You can augment a form by adding Anubis to its onsubmit event:
<form onsubmit="return anubis(this)" > When the form is ultimately submitted, a new value will be added - _anubis that will return the challenge result you need to test.
Alternatively, if you're not using simple HTML forms, or would just like more control over your own app, you can drive Anubis with Javascript. For the sake of this example, let's assume you have two functions - success and failure. In all of the following examples, Anubis calls the success function with the result string, or the failure function with no parameters if the user ultimately fails the test:
| callback | anubis(success, failure); |
| promise | anubis().then(success).catch(failure); |
| async | success(await anubis()) |
It's up to you to pass this result to your server-side code any way you please, at which point you can test it with the Anubis API.
In order to test whether the user passed the Anubis challenge, you need to issue a GET request to the Anubis validation endpoint. For this, you'll need to incorporate the secret key from your instance into your request:
https://anubis.zehuti.com/response/secret-key/result You can see this in action on the CAPTCHA page.
The endpoint will return a JSON-formatted string for the result, with the following fields:
| success | boolean | indicates whether the user passed the challenge |
| message | string | any additional messages (useful in the event of a fail) |
| result | string (deprecated) | either "success" or "fail" depending on whether the user passed the challenge |
| error | string (deprecated) | the error message if the user failed |
It's important to remember that you can only perform challenge tests server-side - any calls to the /response endpoint will be origin-blocked in the browser.