Add a captcha in checkout extensions?

Hello!

Is there any way to add a captcha to a checkout extension? Or any standard to secure an extension api calls?

We have an extension in the checkout that adds a field and submits to our server. We used the checkout token as validation.

Though our extension has recently started being targeted by bots. We implemented rate limits per IP, but then the bots started having different IPs per request, then we implemented a rate limit by token, but then they managed to send requests with different tokens per requests.

Now we are kind of stuck, our next step would be to implement a captcha but it doesn’t seem possible with checkout extensions since we are limited to Shopify’s components (it actually would have been our first step if it worked).

Any ideas?

@Tommy_Gaudreau

That’s an interesting one. Shopify’s bot protection feature is available on Plus, and since you’re publishing a Checkout Extension, then the Shopify store must be on Plus as well.

Is that not an option for some reason? That would move the management of bot detection and captcha’ing to Shopify.

If it’s not an option, then you’ll have to either maintain your own risk engine and come up with a extensions compatible captcha on the frontend (photo + text input or something of that nature).