For Organizations
Prove your users are human — without collecting who they are
Drop-in human verification for your site, portal or social network. No passwords, no biometrics, no personal data — a gesture + on-device AI returns a trustworthy “this is a real person” signal you redeem on your server. Live in ~5 minutes.
What you get — and what you never touch
✅ You receive
- human: true — a real person did this action, now
- an anonymous did_hash to enforce one-human-one-action
- a trust level (newcomer / community-verified / trusted)
🚫 You never receive (or store)
- No name, email, phone, or document
- No biometric template (unlike iris/palm systems)
- GDPR-native — no consent banner for the check, no biometric liability
How it works — 3 calls
Browser (your page)        APTOGON        Your server
──────────────────         ───────        ───────────
1) widget → POST /api/embed/challenge { pk_live_, origin }
          → { nonce }
2) user signs the nonce with their DID
          → POST /api/embed/assert { nonce, did, signature }
          → { token }
3) token ──────► POST /api/embed/verify
                 Authorization: Bearer sk_live_…
   ◄────────────────────────── { human: true, did_hash }
4) → allow the action (comment / vote / signup …)
pk_live_ lives in the browser (safe). sk_live_ stays on your server — the /api/embed/verify call is the billable, single-use redemption.
Two ways to integrate
A · Drop-in widget
For site / portal / CMS admins — 2 lines, no front-end code.
<script src="https://homosapience.org/embed/v1/aptogon.js"
        data-aptogon-key="pk_live_…"></script>
<div data-aptogon-verify
     data-on-success="onHuman"></div>
B · Confirm on your server
Never expose sk_live_ to the browser.
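// Runs on your backend. `token` is the value the browser received after /api/embed/assert.
const res = await fetch(
  'https://homosapience.org/api/embed/verify', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      // Secret key: server-side only, never shipped to the browser.
      'Authorization': 'Bearer sk_live_…',
    },
    body: JSON.stringify({ token }),
  })
const { human, did_hash } = await res.json()
// Allow the action only when the redemption confirms a human.
if (human) allowAction(did_hash)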
Go live in ~5 minutes
1. Get your API keys
In the console: create a key → you get pk_live_ (browser-safe) and sk_live_ (server-only, shown once).
2. Verify your domain
So the key only works from your own origin.
3. Add the widget or call the API
Drop-in 2-line widget, or the full challenge → assert → verify flow.
4. Redeem the token server-side
Your backend calls /api/embed/verify with sk_live_ to confirm a verified human before allowing the action.
5. Store did_hash, not PII
Keep the anonymous did_hash to enforce “one human = one action”. Never store personal data.
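Steps 4 and 5 together, as an added example (not APTOGON's own code): the backend redeems the token, denies on any error or malformed response, and rejects a second use of the same did_hash for the same action. The endpoint and the human / did_hash fields come from this page; redeemToken, makeGate, the injected fetchImpl and the in-memory Set are assumptions for illustration.

```javascript
const VERIFY_URL = 'https://homosapience.org/api/embed/verify';

// Returns the did_hash of a verified human, or null on ANY failure (fail closed).
// secretKey is the sk_live_ value, loaded by the caller from server-side config.
async function redeemToken(token, secretKey, fetchImpl = fetch) {
  if (typeof token !== 'string' || token.length === 0 || !secretKey) return null;
  try {
    const res = await fetchImpl(VERIFY_URL, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${secretKey}`,
      },
      body: JSON.stringify({ token }),
    });
    if (!res.ok) return null; // rejected, expired or already redeemed token
    const body = await res.json();
    // Strict check: only boolean true counts, a truthy string does not.
    if (body.human !== true) return null;
    if (typeof body.did_hash !== 'string' || body.did_hash === '') return null;
    return body.did_hash;
  } catch {
    return null; // network error, non-JSON or null body
  }
}

// Hypothetical gate enforcing one action per (actionId, did_hash).
// Assumption: an in-memory Set stands in for a database unique constraint.
function makeGate(secretKey, fetchImpl = fetch) {
  const seen = new Set();
  return async function gate(actionId, token) {
    const didHash = await redeemToken(token, secretKey, fetchImpl);
    if (didHash === null) return { allowed: false, reason: 'not_verified' };
    const key = `${actionId}:${didHash}`;
    if (seen.has(key)) return { allowed: false, reason: 'duplicate' };
    seen.add(key); // only the anonymous hash is kept, no personal data
    return { allowed: true, didHash };
  };
}
```

Call gate(actionId, token) in the request handler before accepting the comment, vote or signup, and treat every result other than allowed: true as a denial.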
What you can gate
🌐 Sites · portals · forums (CMS)
Comment submit, sign-up, contact forms
Drop-in widget unlocks the form; your backend redeems the token before accepting the post. One human = one account.
💬 Social networks
Account creation, posting, voting, DMs
Full API in your sign-up / action flow; show a “✦ Verified Human” badge from the DID; store did_hash per account to make ban-evasion hard.
🛒 Marketplaces · reviews
Publishing a review or rating
One verified human = one review, enforced by did_hash — kills review farms.
⛓ Web3 · DAO · airdrops
Claims, governance votes
Require a verified-human token before a claim/vote. The DID is portable + on-chain — Sybil farms don’t scale.
🎟 Ticketing · waitlists · giveaways
Entry / signup
Gate the entry point so each spot goes to a real person.
Pricing
Free
1,000 verifications / mo
No card. Build and ship.
Pro
50,000 verifications / mo
For growing platforms.
Enterprise
Unlimited
Volume + SLA + support.
Open source under AGPL-3.0 — audit every line. Embedding the verifier in a proprietary product without AGPL obligations? A commercial license is available — talk to us.
Stop fighting bots with CAPTCHAs.
Get your API key →