Every CaptchaAI API call carries your API key. If that traffic isn't encrypted, anyone on the network path can read your key and use your balance. CaptchaAI's endpoint (https://ocr.captchaai.com) supports TLS by default — this guide ensures your client is configured correctly and shows how to handle common TLS issues.
Verify Your Connection Is Encrypted
Python
import requests
resp = requests.get("https://ocr.captchaai.com/res.php", params={
"key": "test", "action": "getbalance", "json": "1",
})
# Check the connection used TLS
print(f"URL: {resp.url}")
print(f"Status: {resp.status_code}")
# If this succeeds without error, TLS is working
JavaScript
const axios = require('axios');
async function verifyTLS() {
try {
const resp = await axios.get('https://ocr.captchaai.com/res.php', {
params: { key: 'test', action: 'getbalance', json: '1' },
});
console.log(`Connected via HTTPS: ${resp.config.url.startsWith('https')}`);
} catch (e) {
console.error(`TLS error: ${e.message}`);
}
}
verifyTLS();
Common TLS Mistakes
Never Disable Certificate Verification
Some developers disable SSL verification to work around certificate errors. This makes your traffic vulnerable to interception:
# DANGEROUS — never do this in production
requests.get(url, verify=False) # Disables TLS verification
# CORRECT — always verify certificates
requests.get(url, verify=True) # Default behavior
// DANGEROUS — never do this in production
const agent = new https.Agent({ rejectUnauthorized: false });
// CORRECT — always verify (default)
const agent = new https.Agent({ rejectUnauthorized: true });
Always Use HTTPS URLs
Ensure your code uses https:// not http://:
# WRONG
BASE_URL = "http://ocr.captchaai.com"
# CORRECT
BASE_URL = "https://ocr.captchaai.com"
TLS Configuration Best Practices
Python: Enforce Minimum TLS Version
import requests
from requests.adapters import HTTPAdapter
from urllib3.util.ssl_ import create_urllib3_context
import ssl
class TLSAdapter(HTTPAdapter):
"""Force TLS 1.2 or higher."""
def init_poolmanager(self, *args, **kwargs):
ctx = create_urllib3_context()
ctx.minimum_version = ssl.TLSVersion.TLSv1_2
kwargs["ssl_context"] = ctx
return super().init_poolmanager(*args, **kwargs)
session = requests.Session()
session.mount("https://", TLSAdapter())
# All requests through this session use TLS 1.2+
resp = session.get("https://ocr.captchaai.com/res.php", params={
"key": "YOUR_API_KEY", "action": "getbalance", "json": "1",
})
JavaScript: Configure TLS Options
const https = require('https');
const tls = require('tls');
const axios = require('axios');
const agent = new https.Agent({
keepAlive: true,
minVersion: 'TLSv1.2', // Enforce TLS 1.2 minimum
rejectUnauthorized: true, // Always verify certificates
});
const api = axios.create({
baseURL: 'https://ocr.captchaai.com',
httpsAgent: agent,
});
Checking TLS Version
Python: Inspect the Connection
import requests
import urllib3
session = requests.Session()
resp = session.get("https://ocr.captchaai.com/res.php", params={
"key": "test", "action": "getbalance", "json": "1",
})
# Access the underlying connection info
connection = resp.raw._connection
if connection and hasattr(connection, 'sock'):
ssl_socket = connection.sock
print(f"TLS version: {ssl_socket.version()}")
print(f"Cipher: {ssl_socket.cipher()}")
Command Line
# Check TLS support
openssl s_client -connect ocr.captchaai.com:443 -tls1_2
# Check certificate
openssl s_client -connect ocr.captchaai.com:443 -showcerts
Proxy and TLS
When using proxies with CaptchaAI:
| Proxy Type | TLS Impact | Recommendation |
|---|---|---|
| HTTPS proxy | Traffic encrypted end-to-end | Preferred |
| HTTP CONNECT proxy | TLS tunnel through proxy | Acceptable |
| SOCKS5 proxy | TLS maintained through tunnel | Acceptable |
| Transparent HTTP proxy | Traffic may be intercepted | Avoid |
# HTTPS proxy — maintains TLS
session.proxies = {
"https": "https://user:pass@proxy.example.com:8443",
}
# SOCKS5 proxy — tunnels TLS
session.proxies = {
"https": "socks5://user:pass@proxy.example.com:1080",
}
Troubleshooting
| Error | Cause | Fix |
|---|---|---|
SSLError: certificate verify failed |
OS CA bundle outdated or missing | Update certifi: pip install --upgrade certifi |
CERTIFICATE_VERIFY_FAILED (Node.js) |
Missing root CA | Set NODE_EXTRA_CA_CERTS or update Node.js |
SSL: TLSV1_ALERT_PROTOCOL_VERSION |
Server requires newer TLS | Upgrade Python/Node.js to support TLS 1.2+ |
UNABLE_TO_GET_ISSUER_CERT_LOCALLY |
Corporate proxy intercepting TLS | Add proxy's CA cert to trust store |
Connection works with verify=False |
Certificate validation issue | Fix the CA bundle; never ship with verify=False |
Corporate Proxy / Firewall Issues
If your corporate network intercepts TLS (SSL inspection), you'll see certificate errors. The fix is to add your organization's CA certificate to the trust store:
# Python — use your corporate CA bundle
session.verify = "/path/to/corporate-ca-bundle.crt"
// Node.js — set CA certificates
process.env.NODE_EXTRA_CA_CERTS = '/path/to/corporate-ca.crt';
FAQ
Does CaptchaAI support TLS 1.3?
Test with openssl s_client -connect ocr.captchaai.com:443 -tls1_3. If the connection succeeds, TLS 1.3 is supported. TLS 1.2 is the minimum recommended version.
Is my API key visible in server logs?
The API key is in the URL query string for GET requests. Server access logs may record it. For additional security, ensure your server logs don't expose query parameters, or use POST requests where supported.
Should I pin CaptchaAI's certificate?
Certificate pinning is not recommended for API clients. It prevents automatic certificate rotation and can cause outages when CaptchaAI renews its certificates.
Related Articles
- Ip Reputation Captcha Solving Best Practices
- Proxy Setup Best Practices
- Image Captcha Base64 Encoding Best Practices
Next Steps
Verify your API traffic is encrypted — get your CaptchaAI API key.
Related guides:
Full Working Code
Complete runnable examples for this article in Python, Node.js, PHP, Go, Java, C#, Ruby, Rust, Kotlin & Bash.
View on GitHub →
Discussions (0)
Join the conversation
Sign in to share your opinion.
Sign InNo comments yet.