# Verify CAPTCHA challenge

Step 3 of signup (if enabled): validates CAPTCHA to prevent automated signups. Uses IP address for additional validation. Advances to next step on success. Skip if CAPTCHA is disabled in config.

Endpoint: POST /api/v1/accounts/check-captcha
Version: 1.0
Security: 

## Request fields (application/json):

  - `hash` (string, required)
    Registration hash
    Example: "aaaaaaa-ccccccccccccc-wwwwwwwww"

  - `captchaToken` (string, required)
    Captcha token
    Example: "10010101-aaaa-bbbb-cccc-100000000001"

## Response 200 fields (application/json):

  - `hash` (string, required)

  - `nextStep` (string, required)
    Shows the current step in the signup flow:
       * EMAIL – We sent an email to the user with a verification code. The user must enter the code
                 to confirm their email.
       * PHONE – We sent a text to the user with a verification code. The user must enter the code
                 to confirm their phone number.
       * CAPTCHA – The user must complete a CAPTCHA verification.
       * REASON – The user must provide a reason for admins to approve their signup request.
       * ADMIN – Admins must approve or reject the user's signup request. No action is required from the user.
       * USER – The final step that creates the account. Most of the time, no action is required from the user.
                If the account can't be created because the username is already taken, the user can
                provide a different username at this step.
    Enum: "EMAIL", "PHONE", "CAPTCHA", "REASON", "ADMIN", "USER"

## Response 400 fields (application/json):

  - `errorCode` (string, required)
    Error code

  - `message` (string, required)
    Error message

  - `docUrl` (string)
    Link to documentation

## Response 404 fields (application/json):

  - `errorCode` (string, required)
    Error code

  - `message` (string, required)
    Error message

  - `docUrl` (string)
    Link to documentation