For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • Getting Started
    • Overview
    • Best practices
  • Sightline Cyberfraud Defense
    • About Sightline Cyberfraud Defense
    • Getting Started
    • What's different in Sightline Cyberfraud Defense
    • Sensor changelog
    • About the Overview Dashboard
    • Glossary
  • AgenticTrust
    • Getting started with AgenticTrust
    • AI Agents Monitoring Dashboard
    • AI Visitors Overview Dashboard
    • Manage AI Agent Permissions
    • Agentic Activity Priority
    • Agent Trust Levels
  • Account Defender
    • Account Defender Overview
    • Use Cases
    • Prerequisites
    • Getting Started with Account Defender
    • Optimizing Account Defender Detection
    • Validating Account Defender Integration
    • Risk Triggers
    • About Network Events
    • Troubleshooting
  • Bot Defender
    • Bot Defender Overview
    • Detection
    • Bot Defender Policy Settings
      • Human Challenge - Integration Testing Process
      • Mobile Enforcement Verification
    • Footprint
  • Credential Intelligence
    • Credential Intelligence Overview
    • How to Access the Breached Flag
    • Credential Intelligence FAQ
    • Credential Intelligence Dashboard
  • Code Defender
    • Code Defender Introduction
    • Getting Started with Code Defender
    • Code Defender Glossary
    • Website Risk Analyzer
  • Platform
    • Account settings
    • Manage users
    • Role permissions
    • Enforcer configurations
    • Page Type Mapping
  • Client-Side Integration
    • JavaScript tag
    • Improving first page performance
    • Use of cookies & web storage
    • Advanced client integration
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Test Scenarios
  • Q&A and Troubleshooting
  • My development and testing process does not allow me to manipulate headers, how can I test this flow?
  • I waited for the bar to fill, released the press and the challenge UI is now stuck, not continuing with the process or showing an animation endlessly. What is blocking it from moving forward?
  • I waited for the bar to fill, released the press and got another challenge to solve, what am I doing wrong?
  • I managed to get the integration to work via web and browser, but the mobile integration keeps showing me challenges, what could be the cause?
  • I keep getting challenges when testing through a mobile emulator as a part of my development process, how can I bypass this?
  • While using Chrome’s DevTool emulator I am forced to solve the challenge repeatedly?
  • No matter what I do I pass the challenge, is it not working as expected?
  • I’m testing my challenge within an automated tool. How can I know in advance how long the “press and hold” action should be?
Bot DefenderValidating Integration

Human Challenge - Integration Testing Process

Was this page helpful?
Previous

Mobile Enforcement Verification

Next
Built with

In order to ensure that Human Challenge was integrated correctly, it is recommended that the following test scenarios be executed. While the amount of test scenarios is small, there are some caveats to note in each one to ensure that it is indeed repeatable and possible to automate as well.

Test Scenarios

In each case mentioned below, the following scenarios should be tested:

Successful Attempt:

  1. Create a CAPTCHA Bypass Token by navigating to Bot Defender Settings > Challenge Settings > Challenge Tokens. This only needs to happen once and can be reused across multiple executions.
  2. To ensure the challenge is presented, add a User-Agent: PhantomJS header to the request.
  3. Render the page which has the challenge embedded (e.g. the built-in block page, a customized block page or a challenge rendered via Advanced Blocking Response (ABR).
  4. After the challenge is rendered, add an x-px-captcha-testing: <captcha-bypass-token> header to the request with the bypass token generated in step (a).
  5. Solve the challenge by clicking / tapping on it until the bar is full and then release it.
  6. Observe that you can continue with the process the challenge was displayed for (e.g. login).

Failed Attempt:

  1. To ensure the challenge is presented, add a User-Agent: PhantomJS header to the request.
  2. Render the page which has the challenge embedded (e.g. the built-in block page, a customized block page or a challenge rendered via Advanced Blocking Response (ABR).
  3. Solve the challenge by clicking / tapping on it until the bar is full and then release it.
  4. Observe that you got another challenge.

We recommend that, at a minimum, the following setups be tested in this manner to ensure that the integration was done correctly:

  • Web - browser based.
  • Mobile - browser based.
  • Mobile SDK - iOS (if relevant).
  • Mobile SDK - Android (if relevant).

Q&A and Troubleshooting

My development and testing process does not allow me to manipulate headers, how can I test this flow?

If you are unable to use the header manipulation flow mentioned above, we recommend you use the mobile verification flow and our VID extraction tool. Keep in mind that this flow can not be automated and is only applicable for manual testing.

I waited for the bar to fill, released the press and the challenge UI is now stuck, not continuing with the process or showing an animation endlessly. What is blocking it from moving forward?

In the case of ABR, you will need to override the window._pxOnCaptchaSuccess function and handle both the successful and failed results to trigger the correct step in your code.

I waited for the bar to fill, released the press and got another challenge to solve, what am I doing wrong?

Make sure that you added the Captcha Bypass Token before solving the challenge. This will ensure that our system ignores all detections and allows the challenge to be solved.

I managed to get the integration to work via web and browser, but the mobile integration keeps showing me challenges, what could be the cause?

In the case of the mobile SDK, the correct function to override in customized pages is _pxOnMobileCaptchaSuccess, as can be seen in the documentation here. Make sure that you properly implement this function and retest.

I keep getting challenges when testing through a mobile emulator as a part of my development process, how can I bypass this?

Some of our detections block emulator based solves. To make sure these pass successfully, x-px-captcha-testing header to the request.

While using Chrome’s DevTool emulator I am forced to solve the challenge repeatedly?

Unfortunately, Chrome’s DevTool emulator does not behave 100% like a mobile device and is not recommended for testing of Human Challenge.

No matter what I do I pass the challenge, is it not working as expected?

Make sure that the User-Agent: PhantomJS header is a part of the request, and that the x-px-captcha-testing is not. If you solved the challenge in the last few minutes, be sure to clear your cookies and add a random string to the User-Agent header (e.g. User-Agent: PhantomJS-1) or wait 5-10 minutes for the challenge solve to expire.

If none of the answers above helps solve the issue you are experiencing, please contact us on our shared slack channel and our team will be happy to provide additional assistance.

I’m testing my challenge within an automated tool. How can I know in advance how long the “press and hold” action should be?

You can define the solve time in advance by appending a tilde (~) followed by a number of milliseconds (between 1000 and 10000) to the CAPTCHA bypass header. This value will represent the solve time. For example: x-px-captcha-testing: my_bypass_token~5000.