Plug OpenPassport into the moments where abuse hurts most and let real users sail through. Start with your registration or login screen: install the client library, render the verification UI next to your submit button, and capture the token the widget returns on completion. Post that token to your backend and verify it there with your server key (never in the browser, where both the key and the verdict could be tampered with), then attach the result to the session or JWT you already issue. Gate the next step, whether that is account creation, issuing credits, or unlocking features, on a valid, unexpired verification checked on the server rather than on a client-side flag. Roll it out behind a feature flag and monitor completion and drop-off rates so you can tune the placement without risking conversions.
Move beyond signups to protect the actions that attract automation: contact forms, waitlists, comments, votes, and giveaways. Decide when to prompt users: always, or only after your own heuristics (rate limits, velocity, device signals) raise suspicion. Wire the widget to your form's submit handler; on success, include the token in the same POST as the user's input so the server verifies both together. On the server, reject submissions that lack a recent pass, and log only what you need: pass/fail and timestamps, not the token itself or personal details. Tokens are short-lived, so treat older ones as invalid, and reject a token that has already been accepted once, which closes the obvious replay path. If an action is especially sensitive (large transfers, bulk edits), require a fresh pass just-in-time rather than relying on one obtained earlier in the session. Keep the UI inline to preserve flow, or show it as a modal for high-friction steps.