Truform Captcha
Release notes
Truform platform, widget, and integration version history.
This page summarizes customer-facing changes to Truform. Unless noted, existing integrations continue to work without changes.
Current versions:
| Component | Version | Released |
|---|---|---|
API (api.syndaq.com) | 2.1.0 | 2026-05-22 |
Widget (syndaq.com/truform/api.js) | 2026-05-22 | 2026-05-22 |
| WHMCS module | 2.0.10 | 2026-05-22 |
API 2.1.0 — 2026-05-22
Added
- Managed verification — New
POST /v1/truform/managedendpoint for site keys configured for Managed mode. Low-risk visitors receive a response token without completing a puzzle. Higher-risk visitors receiveinteractive_requiredand the widget falls back to the standard puzzle flow. - IP risk signals — Managed decisions incorporate Syndaq IP risk intelligence (when available on your plan) together with existing browser telemetry.
- Per-key Managed settings — Developer and Enterprise plans can set verification mode and a Managed risk threshold in the client area under Settings on each site key.
Unchanged (backward compatible)
- Interactive mode remains the default for all existing site keys. No embed or server changes are required unless you opt in to Managed mode.
GET /v1/truform/challenge,POST /v1/truform/verify, andPOST /v1/truform/siteverifybehave as before for Interactive integrations.- Response tokens from Managed and Interactive verifications are validated the same way on
siteverify.
Opting in to Managed mode
- Open Services → Truform → Manage on the site key (Developer or Enterprise plan).
- Under Security and behavior, set Verification mode to Managed.
- Copy the updated embed snippet from the Integrate tab (includes
data-mode="managed"). - Deploy the new snippet on your site.
Sites that keep the previous embed continue to use Interactive verification.
API 2.0.x — 2026-04 to 2026-05
Added and improved
- Per-key security policies (puzzle type, enhanced puzzles, risk policy on
siteverify, token TTL on eligible plans). - Webhook event toggles, delivery log, and replay on Developer and Enterprise plans.
- Threat signals and token-farming detection on Enterprise plans.
- Service-level quota webhooks (
quota.threshold,quota.exceeded). - Domain binding enforced on browser routes and successful
siteverifyhostname checks. - Optional per-key IP allowlists.
- Risk score and risk level fields on verify responses and stored tokens.
- Enhanced (hard) puzzle escalation after suspicious interaction patterns.
WHMCS module 2.0.10 — 2026-05-22
- Managed verification — Verification mode under addon Configure (Interactive or Managed). Outputs
data-mode="managed"when enabled. Also enable Managed on the site key in the Syndaq client area. - API URL — Removed from addon settings; all requests use
https://api.syndaq.com.
WHMCS module 2.0.8 — 2026-05-19
- Admin login template compatibility fixes.
- WHMCS hostname detection from the database for domain validation.
- Native captcha sync and challenge storage reliability improvements.
No action required on live WHMCS sites unless you choose to upgrade the module ZIP from your client area.
API 1.x — Initial platform release
- Public puzzle API at
api.syndaq.comwithtf_pub_/tf_sec_key pairs. - Browser widget loader at
syndaq.com/truform/api.js. - Server-side
siteverifycompatible with common captcha integration patterns. - Client area site key management, analytics, and monthly quota per subscription.
Related guides
- Web integration — widget options including Managed mode
- API reference — endpoint details
- Site keys and security — policies and domains