How does MeshPrivacy compare to 2Captcha, CapSolver, and Anti-Captcha for hCaptcha?

MeshPrivacy offers two service IDs for hCaptcha: hcaptcha (standard Enterprise, bring your own proxy) and hcap_extended (HSW invisible variant using our internal proxy pool). Pricing is per-credit at 1 USD = 1,000 credits — see meshprivacy.com/pricing for current per-service rates. We are one of the few APIs publicly supporting hCaptcha HSW invisible challenges that competitors typically bucket as Enterprise.

Is solving hCaptcha legal?

Solving hCaptcha is legal in most jurisdictions when used for accessibility testing, QA verification, and lawful automation against properties you own or have permission to access. CAPTCHA solving itself is not illegal — what determines legality is the underlying activity. Violating a target's Terms of Service, the Computer Fraud and Abuse Act, or the DMCA can create civil or criminal exposure regardless of how the CAPTCHA was solved.

How to skip hCaptcha in automation?

Three options. One: submit the sitekey and page URL to MeshPrivacy's hcaptcha endpoint, receive an h-captcha-response token in 2 to 5 seconds, and post it as the form field. Two: for HSW invisible deployments use service hcap_extended which runs through our internal proxy pool. Three: use accessibility cookies if the target supports them. Pure browser automation without a solver fails on modern hCaptcha Enterprise.

Are hCaptcha solvers illegal?

No. CAPTCHA solving services and the act of solving CAPTCHAs are not illegal under US, EU, or most national law. Legal exposure depends on what you do with the solved token — credential stuffing, mass-account creation against a hostile ToS, or scraping copyrighted content can violate other statutes. MeshPrivacy requires a human-in-the-loop acknowledgment for HITL-flagged services and prohibits abusive use.

Are there bots that can bypass hCaptcha?

Yes. Modern AI agents and CAPTCHA solving APIs resolve standard hCaptcha and hCaptcha Enterprise at scale. MeshPrivacy generates valid h-captcha-response tokens server-side without a real browser. hCaptcha continues to add behavioral signals and Enterprise risk scoring, so reliability depends on the solver maintaining current sensor logic and clean residential or mobile proxies. We update both continuously.

How fast is the hCaptcha solver?

Standard hcaptcha tokens return in 2 to 5 seconds typical end-to-end. hCaptcha Enterprise HSW invisible (service hcap_extended) takes 5 to 15 seconds because the HSW proof-of-work step adds compute time. We do not advertise sub-second numbers — generating a valid hCaptcha sensor payload takes real work. Upstream timeout is 120 seconds.

How much does hCaptcha solving cost?

Pricing is per-credit at 1 USD = 1,000 credits. Credit cost per request varies per service and may change — see meshprivacy.com/pricing for current rates. New accounts get 20 free credits with no credit card required, enough to integrate and test against your target sitekey before any payment.

What is HSW invisible?

HSW (HTTPSWAlk) is hCaptcha's proof-of-work challenge layered into the invisible Enterprise mode. The browser executes a cryptographic puzzle whose solution is bundled into the token, which the verifier then validates server-side. MeshPrivacy is one of the few public APIs supporting HSW invisible end-to-end via the hcap_extended service ID — most competitors only expose standard hCaptcha Enterprise without HSW.

Looking for an overview? See the hCaptcha product page

hCaptcha Accessibility Verification Interface

Human-in-the-Loop Requirement

This service is for accessibility testing and QA verification only. By using this API, you confirm: "I am NOT using this service for fully automated AI resolution in violation of the target service's 'No AI/Bot' clauses."

hCaptcha provides invisible and interactive verification challenges. The service returns a h-captcha-response token in a hidden textarea upon completion. MeshPrivacy provides accessibility interfaces for QA teams to verify captcha integration in their applications.

Token Details

Property	Value
Token Field	`h-captcha-response`
Token Length	~2000+ characters
Token TTL	Approximately 2 hours
Callback	`data-callback` required

Real-time API status: trust.meshprivacy.com

Configuration

hcaptcha.html

<!-- hCaptcha invisible mode configuration -->
<div class="h-captcha"
     data-sitekey="[sitekey]"
     data-size="invisible"
     data-callback="onSubmit">
</div>

<script>
function onSubmit(token) {
  // Token received - submit form
  document.getElementById('h-captcha-response').value = token;
  document.forms[0].submit();
}
</script>

Challenge Types

Passive (Invisible) Most Common

Background behavioral verification without visible challenge. Callback triggers automatically when risk is low.

Active (Interactive)

Visual challenge displayed when behavioral signals indicate higher risk. Requires image selection or other interactive verification.

Enterprise

Combined invisible and passive modes with enhanced detection. May fall back to active challenge based on risk scoring.

Service Variants

hCaptcha resolves through two distinct service IDs in MeshPrivacy. Pick the variant that matches your target.

`hcaptcha`Enterprise

Standard hCaptcha Enterprise solver. Pass your own proxy and user agent.

Field	Type	Required	Description
`url`	string	Yes	Page URL containing hCaptcha widget
`sitekey`	string	Yes	hCaptcha site key (UUID format)
`proxy_config`	string	No	Proxy in `http://user:pass@ip:port` format
`user_agent`	string	No	Custom user agent

hcaptcha.js

// Submit hCaptcha (Enterprise) task — QA/Testing only
const response = await fetch('https://api.meshprivacy.com/v1/tasks/submit', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'X-API-Key': API_KEY },
  body: JSON.stringify({
    service: 'hcaptcha',
    url: 'https://target-site.com/',                     // required
    sitekey: 'abc123-def456...',                         // required - from data-sitekey
    proxy_config: 'http://user:pass@ip:port',            // optional
    user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)...' // optional
  })
});
const { task_id } = await response.json();
const result = await fetch(`https://api.meshprivacy.com/v1/tasks/result/${task_id}`, {
  headers: { 'X-API-Key': API_KEY }
});
const { token } = await result.json();
// Submit token as h-captcha-response field value

`hcap_extended`Beta — internal proxy

Beta variant for harder hCaptcha deployments. Uses MeshPrivacy's internal proxy pool — do not pass proxy_config.

Field	Type	Required	Description
`url`	string	Yes	Page URL containing hCaptcha widget
`sitekey`	string	Yes	hCaptcha site key

hcap-extended.js

// Submit hCaptcha Extended (Beta) — uses internal proxy
const response = await fetch('https://api.meshprivacy.com/v1/tasks/submit', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'X-API-Key': API_KEY },
  body: JSON.stringify({
    service: 'hcap_extended',
    url: 'https://target-site.com/',                     // required
    sitekey: 'abc123-def456...'                          // required
    // Note: hcap_extended runs through a managed proxy.
    // Do NOT pass proxy_config — it is ignored for this variant.
  })
});

FAQ

hCaptcha tokens have a generous TTL of approximately 2 hours. However, some sites may verify tokens faster, so submit promptly for best results.

Related Services

FunCaptcha|CaptchaFox|reCAPTCHA v3|Cloudflare Turnstile