Docs / Server verify / Go

Verify Playtcha from Go

This page is the server-side contract for Go apps. Your backend receives a client-submitted result token, posts it to /v1/verify with your secret key, and only then decides whether to continue the request.

Minimal example

The shortest correct shape is still { secret, token } over JSON, then gate the request on success.

verify_playtcha.go

package main

import (
  "bytes"
  "encoding/json"
  "net/http"
  "os"
)

func verifyPlaytcha(token string) map[string]any {
  if token == "" {
    return map[string]any{
      "success": false,
      "error": map[string]string{
        "code": "missing_token",
        "message": "Missing result token",
      },
    }
  }

  body, _ := json.Marshal(map[string]string{
    "secret": os.Getenv("PLAYTCHA_SECRET"),
    "token": token,
  })

  res, err := http.Post(
    "https://playtcha.com/v1/verify",
    "application/json",
    bytes.NewReader(body),
  )
  if err != nil {
    return map[string]any{
      "success": false,
      "error": map[string]string{
        "code": "network_error",
        "message": "Couldn't reach Playtcha verify",
      },
    }
  }
  defer res.Body.Close()

  var out map[string]any
  _ = json.NewDecoder(res.Body).Decode(&out)
  return out
}

Production-ready example

In production, use a timeout, parse the upstream error envelope on non-2xx responses, and log degraded mode separately from actual failures.

verify_playtcha_prod.go

package main

import (
  "bytes"
  "context"
  "encoding/json"
  "log"
  "net/http"
  "os"
  "time"
)

// VerifySuccess is exactly what the server returns on 2xx.
type VerifySuccess struct {
  Success        bool     `json:"success"`
  ChallengeTS    string   `json:"challenge_ts,omitempty"`
  Hostname       string   `json:"hostname,omitempty"`
  Degraded       bool     `json:"degraded,omitempty"`
  DegradedReason *string  `json:"degraded_reason,omitempty"`
  Score          *float64 `json:"score,omitempty"`
  Action         string   `json:"action,omitempty"`
}

// VerifyError is the inner shape of the error envelope on 4xx/5xx.
type VerifyError struct {
  Code      string `json:"code"`
  Message   string `json:"message"`
  RequestID string `json:"request_id,omitempty"`
  Hint      string `json:"hint,omitempty"`
  Host      string `json:"host,omitempty"`
}

// VerifyFailure is OUR helper shape. The server returns only { error: {...} } on
// failure — there is no success: false field on the wire. The bool here is a
// local discriminator we set ourselves.
type VerifyFailure struct {
  Status      int         // HTTP status. 0 for network errors.
  Unavailable bool        // true on 5xx / network — caller may fail open.
  Error       VerifyError
}

func verifyPlaytcha(token string) (VerifySuccess, *VerifyFailure) {
  if token == "" {
    return VerifySuccess{}, &VerifyFailure{
      Error: VerifyError{Code: "missing_token", Message: "Missing result token"},
    }
  }

  body, _ := json.Marshal(map[string]string{
    "secret": os.Getenv("PLAYTCHA_SECRET"),
    "token":  token,
  })

  ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
  defer cancel()

  req, _ := http.NewRequestWithContext(ctx, http.MethodPost, "https://playtcha.com/v1/verify", bytes.NewReader(body))
  req.Header.Set("Content-Type", "application/json")

  res, err := http.DefaultClient.Do(req)
  if err != nil {
    return VerifySuccess{}, &VerifyFailure{
      Unavailable: true,
      Error:       VerifyError{Code: "network_error", Message: err.Error()},
    }
  }
  defer res.Body.Close()

  if res.StatusCode >= 500 {
    return VerifySuccess{}, &VerifyFailure{
      Status: res.StatusCode, Unavailable: true,
      Error: VerifyError{Code: "verifier_unavailable", Message: "5xx"},
    }
  }

  if res.StatusCode >= 400 {
    // 4xx: upstream returns the error envelope { error: { code, message, request_id, ... } }.
    var env struct{ Error VerifyError `json:"error"` }
    _ = json.NewDecoder(res.Body).Decode(&env)
    if env.Error.Code == "" {
      env.Error = VerifyError{Code: "unknown_error", Message: "Verify failed without an error envelope"}
    }
    return VerifySuccess{}, &VerifyFailure{Status: res.StatusCode, Error: env.Error}
  }

  var ok VerifySuccess
  if err := json.NewDecoder(res.Body).Decode(&ok); err != nil {
    return VerifySuccess{}, &VerifyFailure{
      Status: res.StatusCode, Unavailable: true,
      Error: VerifyError{Code: "bad_response", Message: "Malformed JSON"},
    }
  }
  return ok, nil
}

var failClosed = os.Getenv("PLAYTCHA_FAIL_CLOSED") == "1"

// submitHandler implements the fail-open contract:
//   5xx / network -> log + treat as verified (unless PLAYTCHA_FAIL_CLOSED=1)
//   4xx           -> reject deterministically
//   429           -> reject + honor Retry-After (don't tighten retries)
func submitHandler(w http.ResponseWriter, r *http.Request) {
  result, failed := verifyPlaytcha(r.FormValue("playtcha-token"))
  if failed != nil {
    if failed.Unavailable {
      log.Printf("playtcha.verify.unavailable status=%d err=%s", failed.Status, failed.Error.Code)
      if failClosed {
        http.Error(w, "verifier unavailable", http.StatusServiceUnavailable)
        return
      }
      // fall through — treat as verified
    } else {
      // 409 already_redeemed is a security signal: replay, stuck retry, or duplicate POST.
      // Log with request_id at warn level — do not silently retry.
      log.Printf("playtcha.verify.failed status=%d code=%s request_id=%s hint=%s",
        failed.Status, failed.Error.Code, failed.Error.RequestID, failed.Error.Hint)
      http.Error(w, "verification failed", http.StatusBadRequest)
      return
    }
  } else if result.Degraded {
    log.Printf("playtcha.verify.degraded reason=%v", result.DegradedReason)
  }

  w.WriteHeader(http.StatusOK)
}

Common gotchas

Use a client timeout or context deadline so verify never becomes an unbounded dependency.
Fail open on 5xx and network errors; fail closed on 4xx. Opt into PLAYTCHA_FAIL_CLOSED=1 for high-fraud paths.
On non-2xx responses, decode the upstream error envelope ({ error: { code, message, request_id, ... } }) instead of inventing your own failure shape first.
The wire format has no success: false field on errors. The Success bool only exists on 2xx responses. Helper code that adds Success: false to a failure struct is doing it locally.
Treat Degraded=true as success and log it as quota state, not a failed human check.
409 already_redeemed is single-use-by-design. In production it means replay, stuck retry, or duplicate POST. Log with RequestID at warn level — do not retry.
429 rate_limited_ip means per-IP throttle. Honor the Retry-After header; do not retry tighter than 1s.

Relevant failure codes

Status	Code	Meaning
401	`token_invalid`	Bad signature or claims. Often wrong env (live vs test).
401	`bad_secret`	Secret does not match the project. Config error.
404	`unknown_project`	Project deleted or never existed.
409	`already_redeemed`	Security signal. Single-use by design. Log with `request_id` at warn level.
410	`token_expired`	Result token TTL elapsed (5 minutes).
429	`rate_limited_ip`	Per-IP throttle. Response has `Retry-After` header.
500	`db_error`	Playtcha-side. Fail open.

Where to go next

Pair this with token lifecycle for the token model, or domain whitelist if your issue happens before verify on the public widget endpoints.