Truform Captcha

Release notes

Truform platform, widget, and integration version history.

This page summarizes customer-facing changes to Truform. Unless noted, existing integrations continue to work without changes.

Current versions:

ComponentVersionReleased
API (api.syndaq.com)2.1.02026-05-22
Widget (syndaq.com/truform/api.js)2026-05-222026-05-22
WHMCS module2.0.102026-05-22

API 2.1.0 — 2026-05-22

Added

  • Managed verification — New POST /v1/truform/managed endpoint for site keys configured for Managed mode. Low-risk visitors receive a response token without completing a puzzle. Higher-risk visitors receive interactive_required and the widget falls back to the standard puzzle flow.
  • IP risk signals — Managed decisions incorporate Syndaq IP risk intelligence (when available on your plan) together with existing browser telemetry.
  • Per-key Managed settings — Developer and Enterprise plans can set verification mode and a Managed risk threshold in the client area under Settings on each site key.

Unchanged (backward compatible)

  • Interactive mode remains the default for all existing site keys. No embed or server changes are required unless you opt in to Managed mode.
  • GET /v1/truform/challenge, POST /v1/truform/verify, and POST /v1/truform/siteverify behave as before for Interactive integrations.
  • Response tokens from Managed and Interactive verifications are validated the same way on siteverify.

Opting in to Managed mode

  1. Open Services → Truform → Manage on the site key (Developer or Enterprise plan).
  2. Under Security and behavior, set Verification mode to Managed.
  3. Copy the updated embed snippet from the Integrate tab (includes data-mode="managed").
  4. Deploy the new snippet on your site.

Sites that keep the previous embed continue to use Interactive verification.


API 2.0.x — 2026-04 to 2026-05

Added and improved

  • Per-key security policies (puzzle type, enhanced puzzles, risk policy on siteverify, token TTL on eligible plans).
  • Webhook event toggles, delivery log, and replay on Developer and Enterprise plans.
  • Threat signals and token-farming detection on Enterprise plans.
  • Service-level quota webhooks (quota.threshold, quota.exceeded).
  • Domain binding enforced on browser routes and successful siteverify hostname checks.
  • Optional per-key IP allowlists.
  • Risk score and risk level fields on verify responses and stored tokens.
  • Enhanced (hard) puzzle escalation after suspicious interaction patterns.

WHMCS module 2.0.10 — 2026-05-22

  • Managed verification — Verification mode under addon Configure (Interactive or Managed). Outputs data-mode="managed" when enabled. Also enable Managed on the site key in the Syndaq client area.
  • API URL — Removed from addon settings; all requests use https://api.syndaq.com.

WHMCS module 2.0.8 — 2026-05-19

  • Admin login template compatibility fixes.
  • WHMCS hostname detection from the database for domain validation.
  • Native captcha sync and challenge storage reliability improvements.

No action required on live WHMCS sites unless you choose to upgrade the module ZIP from your client area.


API 1.x — Initial platform release

  • Public puzzle API at api.syndaq.com with tf_pub_ / tf_sec_ key pairs.
  • Browser widget loader at syndaq.com/truform/api.js.
  • Server-side siteverify compatible with common captcha integration patterns.
  • Client area site key management, analytics, and monthly quota per subscription.