Add human verification to your site in minutes. No API keys, no cost.
A popup handles the entire verification flow. Your user verifies with biometrics, and you get the result via a promise.
Humanpass.verify() — a popup opens and the user verifies with biometrics.
<script src="https://human-pass.org/sdk.js"></script> <button onclick="verifyHuman()">Verify I'm human</button> <script> async function verifyHuman() { try { const result = await Humanpass.verify(); // result = { verified, shortCode, createdAt } // Send shortCode to your backend for validation await fetch('/your-api/verify', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ code: result.shortCode }) }); } catch (err) { // User closed the popup without verifying } } </script>
// In your backend route handler: const { code } = req.body; const res = await fetch( `https://human-pass.org/api/v1/verify/${code}` ); const data = await res.json(); if (data.verified) { // Human verified! Check createdAt for freshness. }
See it in action:
If you prefer not to use the SDK, users can verify on humanpass directly and paste their code into your platform.
GET /api/v1/verify/:code
Public endpoint. No authentication required. CORS enabled for all origins.
{
"verified": true,
"shortCode": "20260223-1432-rSBp",
"createdAt": "2026-02-23T14:32:44.565Z"
}
{
"verified": false
}
From your backend (Node.js):
const code = /* code submitted by the user */; const res = await fetch( `https://human-pass.org/api/v1/verify/${code}` ); const data = await res.json(); if (data.verified) { // Check the code is recent (links expire after 1 min) const age = Date.now() - new Date(data.createdAt).getTime(); if (age < 120_000) { // Human verified } }
With cURL:
curl https://human-pass.org/api/v1/verify/20260223-1432-rSBp
createdAt to ensure the code is recent. Links expire after 1 minute, but you can enforce your own window (e.g. 2 minutes).Want API keys, webhooks, and custom branding?
Coming soon. Get in touch for early access.