Verify humans from your platform

Add human verification to your site in minutes. No API keys, no cost.

Popup SDK (Recommended)

A popup handles the entire verification flow. Your user verifies with biometrics, and you get the result via a promise.

1. Add the SDK script to your page.
2. Call Humanpass.verify() — a popup opens and the user verifies with biometrics.
3. Send the returned code to your backend and verify it with our API.

Frontend

<script src="https://human-pass.org/sdk.js"></script>

<button onclick="verifyHuman()">Verify I'm human</button>

<script>
async function verifyHuman() {
  try {
    // Pass the user's username to bind the verification to them
    const result = await Humanpass.verify({ label: currentUser.username });
    // result = { verified, shortCode, createdAt }
    // Send shortCode to your backend for validation
    await fetch('/your-api/verify', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ code: result.shortCode })
    });
  } catch (err) {
    // User closed the popup without verifying
  }
}
</script>

Options

{ label: "username" } (optional)

Binds the verification to a specific user. Pass the user's username so your backend can later verify it matches with ?label=. The user doesn't need to type anything — the label is set automatically.

Backend validation

// In your backend route handler:
const { code } = req.body;
const username = req.user.username; // the logged-in user

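// Encode both values so they cannot alter the request path or query string
const res = await fetch(
  `https://human-pass.org/api/v1/verify/${encodeURIComponent(code)}?label=${encodeURIComponent(username)}`
);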
const data = await res.json();

if (data.verified) {
  // Human verified AND label matches this user
} else if (data.labelMismatch) {
  // Someone tried to use another user's verification
}

Manual flow (Alternative)

If you prefer not to use the SDK, users can verify on humanpass directly and paste their code into your platform.

1. Your user authenticates on humanpass with their biometrics and gets a verification code.
2. They paste the code (or full link) on your platform.
3. Your backend calls our API to verify it.

API endpoint

GET /api/v1/verify/:code

Public endpoint. No authentication required. CORS enabled for all origins.

Query parameters

?label=username (optional)

If provided, the API checks that the link's label matches. Returns verified: false on mismatch. Use this to prevent link reuse by a different user.

Successful verification

{
  "verified": true,
  "shortCode": "20260223-1432-rSBp",
  "createdAt": "2026-02-23T14:32:44.565Z",
  "label": "u/jordi-zaragoza"  // only if label was passed via SDK or app
}

Invalid or expired code

{
  "verified": false
}

Label mismatch

{
  "verified": false,
  "labelMismatch": true
}

Examples

Basic verification (Node.js):

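const code = req.body.code; // code submitted by the user

// Encode the code so it cannot alter the request path or query string
const res = await fetch(
  `https://human-pass.org/api/v1/verify/${encodeURIComponent(code)}`
);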
const data = await res.json();

if (data.verified) {
  // Check the code is recent (links expire after 1 min; this check allows up to 2 min)
  const age = Date.now() - new Date(data.createdAt).getTime();
  if (age < 120_000) {
    // Human verified
  }
}

Verify with username (prevents link reuse by another user):

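const code = req.body.code; // code submitted by the user
const username = req.user.username; // the user's username on your platform

// Encode both values so they cannot alter the request path or query string
const res = await fetch(
  `https://human-pass.org/api/v1/verify/${encodeURIComponent(code)}?label=${encodeURIComponent(username)}`
);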
const data = await res.json();

if (data.verified) {
  // Human verified AND the label matches this user
} else if (data.labelMismatch) {
  // Valid code but generated for a different user
}

With cURL:

# Basic
curl https://human-pass.org/api/v1/verify/20260223-1432-rSBp

# With label check
curl "https://human-pass.org/api/v1/verify/20260223-1432-rSBp?label=u/jordi-zaragoza"
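A hardened version of the backend check, as an added example (not Humanpass's own code): it rejects malformed codes before any request is made, builds the URL so submitted input cannot add query parameters, re-checks freshness, and refuses a second use of the same code. The code-format regex is inferred from the sample code on this page, and the names buildVerifyUrl, checkHuman and the seen set are assumptions of the example.

```javascript
// Added example, not Humanpass code. Endpoint and response fields are from this page.
const VERIFY_BASE = 'https://human-pass.org/api/v1/verify/';
// Assumption: code format inferred from the page's sample "20260223-1432-rSBp".
const CODE_RE = /^\d{8}-\d{4}-[A-Za-z0-9]{4}$/;
const MAX_AGE_MS = 120_000; // same window as the page's basic example

// Build the request URL so neither value can add path segments or query parameters.
function buildVerifyUrl(code, label) {
  if (typeof code !== 'string' || !CODE_RE.test(code)) return null;
  const url = new URL(encodeURIComponent(code), VERIFY_BASE);
  if (label !== undefined) url.searchParams.set('label', label);
  return url.toString();
}

// Returns { ok, reason }. `seen` is a Set of codes already accepted (hypothetical
// in-memory store). fetchImpl and now are injectable so the logic runs offline.
async function checkHuman(code, username, seen, fetchImpl = fetch, now = Date.now()) {
  const url = buildVerifyUrl(code, username);
  if (!url) return { ok: false, reason: 'bad-code-format' };
  if (seen.has(code)) return { ok: false, reason: 'replayed' };

  const res = await fetchImpl(url);
  if (!res.ok) return { ok: false, reason: 'api-error' };
  const data = await res.json();

  if (data.labelMismatch) return { ok: false, reason: 'label-mismatch' };
  if (data.verified !== true) return { ok: false, reason: 'not-verified' };
  if (data.shortCode !== code) return { ok: false, reason: 'code-mismatch' };
  // NaN (missing or unparsable createdAt) fails this comparison and is rejected.
  const age = now - new Date(data.createdAt).getTime();
  if (!(age < MAX_AGE_MS)) return { ok: false, reason: 'stale' };

  seen.add(code); // single use per platform; production needs a shared store with expiry
  return { ok: true, reason: 'verified' };
}
```

Grant the verified status only when ok is true; the reason values are useful for logging rejected attempts.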

Best practices

Want API keys, webhooks, and custom branding?

Coming soon. Get in touch for early access.