The EVANDALIZE API Is Free and You Can Have It Right Now
The EVANDALIZE API is live, it's free, and it takes about ten minutes to integrate. If you're building anything that needs to gate access, verify user intent, or specifically filter out state-sponsored threat actors (a niche we are proud to own), you can add adversarial verification to your app today. Here's the whole deal.
The Flow (It's Refreshingly Simple)
Step one: drop the EVANDALIZE widget on your page. Step two: user draws on a dictator's portrait, which is honestly the most entertaining verification experience on the internet. Step three: widget returns a clearance code. Step four: your server sends that code to our API. We tell you if it's legit. That's it. Four steps. Your intern could do this. Your intern's intern could do this.
The Widget
One script tag. One container div. The widget handles everything: challenge presentation, the drawing canvas, clearance code generation. It's under 50KB (we are not shipping a React app inside your CAPTCHA, unlike some providers we won't name). No external dependencies. Respects dark mode automatically because we're not animals. It renders inside your existing layout without forcing its own styling opinions on you.
When the user finishes their masterpiece (we've seen some genuinely impressive mustache work), the widget fires a callback with the clearance code. Include that code with your form submission. Done.
Server-Side Verification
One POST request. Send your API key and the clearance code. We send back whether it's valid, which threat vector was tested, and when the challenge was completed. Clearance codes expire after 5 minutes and can only be verified once, because replay attacks are for amateurs and we respect your security posture.
Sub-100ms response times globally, running on edge infrastructure. 100 verifications per hour on the free tier. No credit card. No tracking. We want the verification step to be fast. The fun part is the drawing. The verification part should be invisible.
Webhooks for the Paranoid (Affectionate)
Configure a webhook URL in your dashboard and we'll POST to it every time a challenge is completed or failed. Payload includes the result, threat vector, timestamp, and a signature header so you can verify it came from us. Pipe it into your security dashboard. Set up alerts. Build a Slack bot that announces every time someone draws glasses on Putin. We don't judge. We encourage.
Getting Started (The Actually Useful Section)
Go to the EVANDALIZE dashboard. Sign up. Get an API key. No credit card. Free tier gets you 100 verifications per hour. No tracking your users beyond the challenge interaction. We're a security product, not an ad network.
Already using reCAPTCHA or hCaptcha? The migration is almost suspiciously easy. Our widget API intentionally mirrors existing CAPTCHA widget patterns, so the frontend swap is basically find and replace. Backend is one new verification endpoint. Check the full API docs for code examples in every language that matters (and a few that don't). Or read how it works if you want the conceptual overview first. Either way, your users will thank you. Partly because they're no longer clicking fire hydrants, and partly because drawing on dictators is genuinely a good time.