What Is FunCaptcha (Arkose Labs) and How It Works

FunCaptcha, now officially called Arkose Labs MatchKey, is a CAPTCHA system that uses interactive 3D challenges instead of traditional image grids. If your automation workflow encounters a challenge asking you to rotate a 3D object, pick the image that matches a silhouette, or identify an animal from an unusual angle, you are most likely dealing with FunCaptcha. Arkose Labs serves major platforms including EA Games, Roblox, Microsoft Outlook, and LinkedIn.

This explainer covers how FunCaptcha works, its challenge types, its technical identifiers, and how it compares to traditional CAPTCHA systems.


How FunCaptcha works

FunCaptcha uses a multi-layered defense model that combines behavioral analysis with interactive visual challenges:

  1. Detection layer — The Arkose Labs script evaluates device telemetry, browser fingerprint, mouse movement patterns, and IP reputation before deciding whether to present a challenge.
  2. Challenge presentation — If the risk score exceeds the threshold, the user sees an interactive challenge inside an iframe hosted on arkoselabs.com or funcaptcha.com.
  3. Challenge interaction — Unlike image-grid CAPTCHAs, FunCaptcha challenges require spatial reasoning: rotating objects to match a target, picking the correct image from transformed perspectives, or identifying objects from unusual angles.
  4. Token generation — After successful completion, FunCaptcha returns a session token that the website validates server-side.
  5. Adaptive difficulty — Failed attempts increase challenge complexity. Repeated failures may trigger longer challenge sequences or additional verification steps.

Technical identifiers

| Signal | What to look for |
| --- | --- |
| Script source | https://client-api.arkoselabs.com/ or https://api.funcaptcha.com/ |
| Public key | A UUID-format key (e.g., 476068BF-9B07-4D4E-B5F5-9A1CEDFBA4F4) |
| iframe source | https://client-api.arkoselabs.com/fc/ |
| API domain | arkoselabs.com or funcaptcha.com |
| HTML attribute | data-pkey for the public key |

FunCaptcha challenge types

FunCaptcha is distinct from reCAPTCHA and hCaptcha because it uses interactive 3D and spatial challenges:

3D rotation challenges

The most common type. Users must rotate a 3D-rendered object (animal, dice, hand gesture) to match a target orientation. The rendering changes per attempt to prevent simple pattern matching.

Image matching challenges

Users see a set of images and must select the one that matches a described criterion (e.g., "select the image that shows the arrow pointing right"). Images are often distorted or transformed.

Perspective challenges

Users must identify an object shown from an unusual angle or perspective. This tests spatial reasoning rather than object recognition.

Sequential challenges

Some deployments require multiple correct answers in sequence. An incorrect answer resets the sequence but does not immediately fail the challenge.

Audio challenges

An accessibility mode provides audio-based challenges, though these are less common than in reCAPTCHA.


FunCaptcha vs reCAPTCHA vs hCaptcha comparison

| Factor | FunCaptcha / Arkose Labs | reCAPTCHA v2 | hCaptcha |
| --- | --- | --- | --- |
| Challenge style | 3D rotation, spatial reasoning | Image grid selection | Image grid selection |
| Difficulty model | Adaptive — harder on repeated failure | Fixed difficulty per challenge | Configurable by site owner |
| Primary clients | Gaming (EA, Roblox), Microsoft, LinkedIn | Broad web adoption | Cloudflare customers, privacy-focused sites |
| Detection method | Device telemetry + behavioral + IP | Browser signals + interaction + cookies | Browser signals + behavioral |
| Script domain | arkoselabs.com / funcaptcha.com | google.com/recaptcha | hcaptcha.com |
| Response field | Custom token via callback | g-recaptcha-response | h-captcha-response |
| Enterprise tier | Always enterprise-grade | reCAPTCHA Enterprise available | hCaptcha Enterprise available |
| Token lifetime | Varies by deployment (60-300 seconds) | ~120 seconds | ~120 seconds |

How to detect FunCaptcha on a target page

Method 1: Check page source for Arkose script

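import re

import requests

# Fetch the page; the timeout keeps the check from hanging on a slow host
response = requests.get("https://example.com/login", timeout=10)
html = response.text

# Substring check for either Arkose domain anywhere in the returned markup
if "arkoselabs.com" in html or "funcaptcha.com" in html:
    print("FunCaptcha detected")
    # Extract the public key from the data-pkey attribute
    pkey_match = re.search(r'data-pkey="([^"]+)"', html)
    if pkey_match:
        print(f"Public key: {pkey_match.group(1)}")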
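
A stricter form of the Method 1 check, added here as an example (it is not code from the original page): it parses the markup and compares hostnames instead of searching for substrings, so a look-alike host or a query-string mention is not reported, and it checks that data-pkey is UUID-shaped as the identifiers table describes. The names is_arkose_host, ArkoseFinder and find_arkose, the placeholder script path and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ARKOSE_DOMAINS = ("arkoselabs.com", "funcaptcha.com")
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def is_arkose_host(url):
    """True only if the URL's hostname is an Arkose domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ARKOSE_DOMAINS)


class ArkoseFinder(HTMLParser):
    """Collects Arkose script/iframe URLs and data-pkey values from markup."""
    def __init__(self):
        super().__init__()
        self.sources = []      # (tag, src) pairs served from an Arkose host
        self.public_keys = []  # data-pkey values that are UUID-shaped
        self.bad_keys = []     # data-pkey values that are not

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag in ("script", "iframe") and src and is_arkose_host(src):
            self.sources.append((tag, src))
        pkey = attrs.get("data-pkey")
        if pkey is not None:
            ok = UUID_RE.fullmatch(pkey)
            (self.public_keys if ok else self.bad_keys).append(pkey)


def find_arkose(html):
    finder = ArkoseFinder()
    finder.feed(html)
    return finder


# Constructed sample markup (not from any real site); placeholder.js is a placeholder path.
SAMPLE = """
<script src="https://client-api.arkoselabs.com/placeholder.js"></script>
<script src="https://cdn.example/lib.js?ref=arkoselabs.com"></script>
<script src="https://arkoselabs.com.example.net/api.js"></script>
<div id="challenge" data-pkey="476068BF-9B07-4D4E-B5F5-9A1CEDFBA4F4"></div>
<iframe src="https://client-api.arkoselabs.com/fc/"></iframe>
"""

if __name__ == "__main__":
    result = find_arkose(SAMPLE)
    print(result.sources, result.public_keys, result.bad_keys)
```

Only the first script and the iframe are reported; the query-string mention and the look-alike host, both of which the substring test would flag, are ignored.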

Method 2: Monitor network requests

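// In Puppeteer: `page` is a Page object from browser.newPage().
// Register the listener before page.goto() so early requests are not missed.
const ARKOSE_DOMAINS = ['arkoselabs.com', 'funcaptcha.com'];

page.on('request', request => {
    const url = request.url();
    // Compare the hostname, not the whole URL, so a query-string mention does not match
    const host = new URL(url).hostname;
    if (ARKOSE_DOMAINS.some(d => host === d || host.endsWith(`.${d}`))) {
        console.log(`FunCaptcha request detected: ${url}`);
    }
});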

Method 3: Check iframe sources

// In Puppeteer, after the page has loaded: list every frame attached to the page
const frames = page.frames();
const arkoseFrame = frames.find(f =>
    f.url().includes('arkoselabs.com/fc/') ||
    f.url().includes('funcaptcha.com/fc/')
);

if (arkoseFrame) {
    console.log('FunCaptcha iframe found');
}

What makes FunCaptcha challenging for automation

  1. 3D rendering — Challenges render differently each time, making template matching ineffective.
  2. Adaptive difficulty — The system increases difficulty based on solving patterns, IP reputation, and session history.
  3. Device telemetry — Arkose Labs collects extensive client-side data including hardware characteristics, browser plugins, and timing patterns.
  4. Sequential challenges — Some configurations require 3-6 correct answers in sequence, with a reset on any error.
  5. Token binding — Tokens are bound to specific sessions and device fingerprints, making transfer complex.

Impact on scraping and automation workflows

When your workflow encounters FunCaptcha, you need to:

  1. Identify the public key — Extract it from data-pkey attributes or API calls
  2. Determine the service URL — Usually https://client-api.arkoselabs.com/fc/gt2/public_key/{pkey}
  3. Choose a solving approach — API-based solving services can handle FunCaptcha challenges
  4. Handle token injection — FunCaptcha tokens are typically submitted via JavaScript callbacks rather than hidden form fields


Frequently asked questions

Is FunCaptcha the same as Arkose Labs?

Yes. FunCaptcha was the original product name. Arkose Labs is the company, and the current product name is Arkose MatchKey. Most developers still refer to it as FunCaptcha because the API domains still use funcaptcha.com.

Which major sites use FunCaptcha?

EA Games, Roblox, Microsoft (Outlook, Xbox), LinkedIn, GitHub (for certain flows), and several banking and financial services platforms.

Is FunCaptcha harder to solve than reCAPTCHA?

FunCaptcha's 3D rotation challenges require spatial reasoning that image-grid CAPTCHAs do not. The adaptive difficulty system also makes repeated solving attempts progressively harder. For automated workflows, FunCaptcha is generally considered harder than standard reCAPTCHA v2 but comparable to reCAPTCHA Enterprise with strict configurations.

Does FunCaptcha work without JavaScript?

No. FunCaptcha requires JavaScript for rendering 3D challenges, collecting device telemetry, and returning tokens. The entire challenge is delivered via JavaScript within an iframe.

How long do FunCaptcha tokens last?

Token validity varies by deployment, typically between 60 and 300 seconds. The token is single-use and bound to the session where it was generated.


Summary

FunCaptcha (Arkose Labs) uses interactive 3D challenges instead of traditional image grids, making it structurally different from reCAPTCHA and hCaptcha. You can identify it by script loads from arkoselabs.com or funcaptcha.com, UUID-format public keys, and 3D/spatial challenge presentation. For developers building automation workflows, correctly identifying the CAPTCHA type is the first step. Explore the CaptchaAI API for solving the CAPTCHA types your workflows encounter most frequently.
