Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML Services
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex SmartCaptcha
  • Getting started
    • CAPTCHA availability
    • User validation
    • Domain validation
    • Challenge types
    • Challenge options
    • Widget connection methods
    • CAPTCHA keys
    • Invisible CAPTCHA
    • CAPTCHA in React
    • JavaScript Interface object
    • Restricted mode
    • Public IP addresses
    • Quotas and limits
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  1. Concepts
  2. CAPTCHA keys

CAPTCHA keys

Written by
Yandex Cloud
Updated at February 1, 2024

When you create a CAPTCHA, a pair of keys is generated automatically: a client key and a server key. Once generated when creating a CAPTCHA, these keys never change.

The client key (client_key) is used for adding the SmartCaptcha widget to a website. This is a public key that is specified on the page hosting the widget.

The server key (server_key) is used by the website backend to get the verification results for the user request. The server key is private and should be stored in a secure location, e.g., using Yandex Lockbox.

SmartCaptcha automatically generates a one time token, i.e., a request identifier used when receiving the verification results for the user request. The token is valid for five minutes.

Warning

Never send your SmartCaptcha server key to anyone, store it unencrypted, or allow it to become public. If it did become public, create a new CAPTCHA to replace the old one.

For more information on how to get the server and client keys, see Retrieving CAPTCHA keys.

Key formatKey format

The client key is always prefixed with ysc1_, and the server key with ysc2_. Their next 20 characters are the same.

Here are some sample keys:

  • client_key : ysc1_yzF85********
  • server_key : ysc2_yzF85********

Was the article helpful?

Previous
Widget connection methods
Next
Invisible CAPTCHA
© 2025 Direct Cursus Technology L.L.C.